Live from New York, it's a special Thursday edition of Ask an Engineer. It's still me though, the engineer. What's the phrase we were talking about? The person who goes into the river, the river is different each time and they're different each time. Yes, it's from Siddhartha. But this is the same show and the same people on it. Well, but we're a little different each time. I feel a little different. It's a different show each time. I feel a little different this week. It's the same people in the same place. We're here at the Adafruit factory in downtown Manhattan. That's right. That's where we do all the design, testing, engineering, shipping, kitting, and more. With me, Mr. Ladyada on camera control and email duty and more. And we got a jam-packed show tonight, lots of stuff. I know today we moved from Wednesday to Thursday, but we're still here. Yeah, we did a time shift this week. Yeah, we did a time shift this week because there's a lot going on. We had planned a couple of things to do yesterday, ran out of time. So he said, well, let's just do the show on Thursday. So that's OK. You're going to see some cool socks though. Yeah, we have some cool socks. Very cool socks. And then also tonight, we're going to be talking about, which I think is the first time we did a security disclosure on our website. We got emails out. We put stuff on Twitter, put stuff on Discord, talked about the Show and Tell. We put it in all the places where our audience is, and we also want to talk about it tonight. So we'll answer your questions live about how we did a security disclosure and then how we learned real time what some people want, some people don't want, and then some lessons learned. We're going to wrap all this up and do probably some type of article as well. But we thought we're the radically transparent open company. And if we make mistakes, we'll apologize and then we'll show our work. And that's part of it tonight, too. Made a couple of mistakes with it.
OK, so let's kick off the show. That's right, Mr. Ladyada. Tell them what's on tonight's show. On tonight's show, the code is RISC-V. I mean, it's five. But when you put in the code, it's RISC-V. RISC-V, that gets you 10% off in the Adafruit store all the way up to 11:59 PM tonight or when I remember to turn off the code. Talk about our live shows, including Show and Tell, which was yesterday. Thank you, Noe and Pedro. Time Travel, we'll be looking around the world in Makers, Hackers, Artists, Engineers, and we'll be talking about more of a how-to. How to do a security disclosure in the year 2020. Retro tech, a bunch of cool photos and stories. Help Wanted, get a cool thing from the Adafruit Jobs Board. Made in New York City factory footage. 3D printing, new products, top secret. And then we got questions, top secret. We have one thing that's already kind of out, but you'll watch it and pretend you didn't know about it. And then we'll answer your questions. We do that over on Discord. Join up now. Yeah, adafru.it slash Discord. All that and more on, you guessed it. Ask an Engineer. Okay, well, Ladyada, let's start it off with when you order stuff, use the code, number five, RISCV, don't forget. And you get free stuff. What do you get? That's right, $99 or more. You get a free Perma-Proto half-sized breadboard. We've got this popular freebie back, $149 or more, you get a thing that fell off a shelf unexpectedly. You get a STEMMA QT board. We've got a range of about 12 or 20 different boards. If you make an account, every single time you order, you'll get a different one because we can track which ones we send you. $199 or more you get free UPS ground shipping in the continental United States. All right, we have a bunch of live shows. We did one of our live shows a different day this week, including this one. So thanks, folks, for keeping updated on the socials and on our website. So anytime we, if we move a show, we'll do it on, we'll put it out on Discord.
We'll tell everyone on the blog. And then also if you just show up when a live show is normally going on, we usually have the chat still open there, depending on the social platform. So you did the Show and Tell yesterday. Thank you so much to Noe and Pedro. And we talked about what we were doing today now. Jay stopped by from Digi-Key and then we had a bunch of folks who came by. JP had his projects, he showed a bunch of stuff. He had this cool little mini server thing. There's a lot of neat stuff going on. Phil B showed some panels that he's working on and how the displays. You mapped it, yeah, video display, because we're going to be doing a cube. Yeah, and then what we did for Desk of Ladyada, because we only did one portion of it this week, is we did The Great Search. So The Great Search is when Ladyada uses her powers of engineering to help you find what you're looking for. Ladyada, what was on The Great Search this week? This week, I had to find, you didn't think this part shortage just like, you know, they say like it keeps giving and giving. You know, this part shortage keeps not giving and not giving. The AP3602, I think is the part number, is a high current buck converter that people really like our breakout for. I can't get it for two years from now. You know, I did order some a year ago and I kept more on order, but it's like the lead times keep extending and extending. And so, you know, I want to find an alternative. So I found two alternatives and I showed, this one was a particularly tricky one because, you know, either I could find an alternative that wasn't quite as powerful but was pin compatible and I found one that has an additional pin and capacitor needed. So it's a minimal update to the design, but it's functionally identical. And so I think I'm actually going to go with the second one and redesign the PCB because adding parts means it's like it can always go back to the old part because it won't place the extra capacitor for the booster.
But yeah, it's just, it's really hard to find parts right now. And, you know, everyone was like, ah, it's going to be like lasting a year, but it's like, could it be lasting like three years? There's a company we know and they use one chip for their main board and the lead time is 52 weeks. Yeah, and they're like, this is our main product and we can't get it. Thank you. So we're spending a lot of time. Thank you, ST Micro. Spending a lot of time redesigning. Okay, we're going to post an EYE on NPI as a little standalone video this week because we have to do this show and then... We're going to get back to sync to next week. We're going to defrag. We're going to defrag. JP's Product Pick of the Week was this week. You got to check out the thumbnail for this one. He did a really good job with the Tron one, but that's where we have a product for sale live with the discount already applied and here is the highlight from this week. It is the Mini PiTFT. It is a SPI bus based display. It has a couple of buttons for GPIO and it's got that little STEMMA QT connector on the bottom so you can plug in something like this GPS. Let's say you want to add GPS to a Pi project. It's just as simple as plugging into there and then using Blinka, the CircuitPython for single board computers with it. You'll see this has header pins to plug into the first 12 pins. I have a little bit of code running on here and what it'll do is display some important information: the time, your SSID, your IP address of the device itself, the host name and even my ping I've got here. It's an IPS display so you get real great readability from angles. Mini Raspberry PiTFT. All right and JP's workshop was today so watch the highlight. We're doing our show today. He did his show today and to catch you up this is the latest CircuitPython Parsec.
For the CircuitPython Parsec today I want to show how you can use display text labels inside of displayio for writing words on your displays inside of CircuitPython. I can control the position of this on screen using some of the buttons and you'll also notice that I'm writing out the coordinates of the text object there as I move it around. So let's bring this up to zero zero. How this works: I'm importing terminalio for the font, importing displayio and importing adafruit_display_text label. I set the font to be terminalio.FONT and then to create a text label which is a special type of group in displayio that can have text in it. So I create this, I'm calling this one big text label and then I use label.Label and I set some settings: which font I'm using, I'm setting the scale to three so it's big, what text I'm writing and the color here which is green. Then I'm setting an explicit position on screen. I append this text label to a higher level hierarchy group called text group that I created. That's so I can put two different things in here but you'll notice I can move one of them while leaving the other one in place. And so this is one of the cool things about using text labels is that they are groups that can be lots of groups inside of one larger group which is the main display. I'm doing a similar setup here for displaying the little coordinates at the bottom and then I'm using the buttons to just increase or decrease the X and Y values. Their origin point is the far left of the text and halfway down into the text. So that means you can't really start stuff on zero zero with the font this size. I started at zero on X but 10 down on Y. And so this is text labels inside of displayio in CircuitPython. And that is your CircuitPython Parsec.
Okay, and then Friday, last Friday was Scott's final solo deep dive that he does on Fridays at 2 PM Pacific, 5 PM Eastern because Scott is gonna be a dad and Scott's taking some time off but FoamyGuy Tim will be there and do check it out. It's this week, 2 PM. And I'm looking forward to it as well. Someone in the chat was asking about the Python based like Winamp thing that we're doing. Tim, FoamyGuy, was a person who was working on it. So do you talk to Tim about that this Friday? And one of the cool things would be like, well, what if you wanted to change the default thing that we showed how to do because that was the whole point that people started with this finding these old Winamp skins and being able to make your own portable player and then add some more functionality to it. So that's totally foamy back foamy guys foam. Yeah. All right, time travel. One thing before we jump into our security stuff we wanna talk about. So this week, believe it or not, it was International Women's Day. It was March 8th. And one of the things that we wanted to do is there's this logo thing that they're doing where it says support women, shop the logo by women-owned. So if there's companies out there, check out www.womenownedlogo.com and they're trying to get folks to show this logo around. So when you're looking for things if you wanna support a woman-owned business you'd be able to do that. We're a woman-owned business. Here's our thing that we're shopping around tonight. Use the code to get a discount. But it is helpful out there because especially now after the last couple of years women-owned businesses got hit even harder because they don't necessarily have the same resources. They didn't get the same opportunities. So if you could support one, please do. And happy International Women's Day. We like to and we posted up a whole bunch of women who design electronics and we stock their stuff.
So check out, I think that's on the blog post where we highlight some of those awesome women who made electronics that we are happy to support and sell. All right. So we did a security disclosure. We'll save it as cloud again. Poofy the cloud. It's a happy cloud and we learned a lot and we also wanna talk about it. So first up if you wanna read it while we're doing this: www.adafruit.com forward slash March 2022 disclosure. And I have it here. This is the website, our blog. It's also in our press section. We also posted it on Twitter. We also put it in Discord. We also sent out notifications to the users. But we didn't send out notifications to the users the first day that we did the disclosure. And we'll talk about would we do that again? Probably not. We would probably make sure that we're sending them out the exact same time. What we did is we got the disclosure out and we have a very popular blog. And this type of data leak or potential data leak I should say isn't something companies ever disclose but we decided, well, let's do it anyways. We don't think this data even got out there at all whatsoever. In fact, we're pretty sure it never did. But we decided, well, we'd rather let everyone know and give more information than not and have something happen and then have to explain well, yeah, we didn't tell anyone. So I guess we should start off with like what was this data leak? So I thought what that would be useful is I would kind of like interview Ladyada. So was this like credit cards or financial information? Cause I hear about that all the time. Yes, that's a good question. So a lot of people talk about PII or personally identifying information. And that can mean anything from like your name, your email, your address to stuff that's like kind of scary like your social security number, credit card data. We don't store that stuff. We don't store that stuff. And so that data was not exposed.
Like there was no credit card information and there was no passwords or hashed passwords. You know, definitely if like, you know, we've done a disclosure where there's hashed passwords that were leaked. Yeah, in 2016. We reset everybody's passwords. Yeah, in 2016 there was a security researcher that disclosed that you could get the hashed passwords out of forum software. And so we let all the users know. And we reset all their passwords. And that security post is still up and we linked to it on our security page and we included it in our disclosure email and this disclosure post, because we wanted to have every single time anything has happened. This is number two. If I had a nickel for each time, I'd have a dime. Yeah. So that's what, when people talk about PII, in this case, the data that was exposed was, it was used for an audit of orders. However, credit card data was not exposed. What was exposed was name and address, shipping and billing and email address of orders around I think 2017, 18 and 19. Not all of them. And we should say, we shouldn't say exposure, we say possible exposure because one of the things. Well, it was exposed. It wasn't leaked. So the next question is, when you say exposed, was it like available on our website? Where was this, where was this data possibly at? So, well, where it was at, but we, you know, we don't think it was, was accessed, you know, it wasn't downloaded in. So usually when there's data leaks, and I've seen this before, is the information is found on like a dark web website. This wasn't found in that way. Yeah, so what happened is that we had an employee who had been doing audits on orders. We had extracted a report and told him to, he was being trained on how to run the report. He'd been a long time employee. And what we didn't know is that he had inadvertently, they had inadvertently published, sorry, created a GitHub repo on their private account and uploaded that data.
I don't even know if they were aware at the time that they had done that, or maybe they, it wasn't completely clear. By the way, I guess I should answer a thing. Was this a rogue employee? Was this a disturbance? No, it wasn't malicious. It was, I think it was a misunderstanding. They didn't, you know, they had a working directory where they were like writing code. And I think that they were like, oh, I should save the code on GitHub. And so because it was in their private account and a private repo, we weren't aware of it. And then, you know, later on when we separated, because they just moved on to do other things, we were like, okay, well, we've cut off your GitHub access and we've, you know, we've wiped your laptop. But what we didn't realize is that they had a repo on their private account. And so the data was exposed by them making that repo public, which contained their working directory where they had been working on these scripts. And so there was the data. Yeah, this wasn't live production data that they had access to. And we'll talk about that. This was CSVs because it was data analysis, data audit. It wasn't touching. They were not touching the database. Actually, almost nobody in the company has access to the database. To be honest, they don't even trust me with access to the database. Yeah, we're just probably good. We'll talk about some of that because I had some specific things. And then we'll talk about some good lessons learned. It was real data because they were actually running real reports. So it was, you know, there was not a, it was not a training thing. Like they were actually part of the team that was running this report, auditing our orders to make sure that what we had on the website and what we had, you know, and our various databases, they all matched up basically. Like what PayPal thought, like this person placed an order, they really did place an order.
Yeah, and then one mistake, and this is the mistake I made, was when we released the disclosure, one of the words I used was training. And because machine learning comes along now, some people thought like, oh, you're training the data using the data. And like, you know what, that's not a good, that's not a good word. Yeah, because machine learning and training are now synonymous with like, oh, you were like making data sets and doing machine learning on it. That's not what the training was. They weren't quite ready for machine learning. They were running an auditing script that was trying to basically match up, you know, did this order exist and making sure, because once in a while actually there are, people have, we've had times where people placed an order and like the PayPal like didn't return the thing. And so we have to do a matchy, matchy thing. Anyone who does online ordering in detail knows what I'm talking about. It can sometimes not sync up. And so at the end of the month, we check to make sure that it syncs up. Yeah, so what we did was we put out the post on Friday at 8 a.m. And we're like, okay, well let's see if anyone has any questions. Why did you post it Friday at 8 a.m.? Okay, so we wanted to make sure our privacy lawyers, our legal experts, everyone looked at it. And here's the thing, and this is where it's like, lessons learned. Lawyers don't get back to you as fast as you'd like. I wanted to do this on Monday at 8. I got the final like, hey, it looks great. This is wonderful. You don't even need to do disclosure. You guys are fantastic, open, transparent. Everyone's gonna love this. Mad here. Later. Let me know if you need anything on Monday. So lesson learned. I don't think anyone should ever do a security disclosure, disclosure post on a Friday. Because like we are collaborative. We talk to our team. Even at best case scenario to get everyone together and just say, hey, we got some feedback. Let's make some updates how we do things.
Unless you're okay with doing stuff over the weekend. Like we couldn't get ahold of our, you know, legal experts and privacy experts. So we had to wait until Monday morning. And like Monday at 7, we did an update and did some more. But that's the reason we did it on Friday. And we thought, well, like that'll, that's a good time, like as fast as we can possibly do it. So my suggestion for everyone, and this is in the lessons learned category, is do it on a Monday and have your team ready and make sure you talk to your privacy lawyer, legal experts and everything and say, look, I might call you on the phone on Monday during these times. And if you're not available, who is available? Because I might want to double check something, you know, measure twice, cut once. Because we really care about our users with this. And even though we don't need to do a disclosure, we decided to. And the other thing that I did, here's my next mistake. I said, why aren't we, I even put, why aren't we emailing people? And this was, I made a big deal out of this. And I said, you know, if we're not going to email people when we post this, why don't we put, why we're not? That way no one will question why we're not emailing. Turns out that was not the way to describe it. What I should have done is said, we will email users no matter what, even though we don't need to. You may have not gotten an email yet, but you will because by me saying, hey, this wasn't useful to send an email about it. There was no financial information. There was a password reset. And this is only Twitter, by the way. I should actually have a Twitter slide here. By the way, well, yeah, by the way, what you do on Twitter is viewed different and handled different and I'll get into that. But what I should have said is, why haven't I received an email yet? Or will I receive an email soon? 
Because some people want an email no matter what, even though email is not the best way to do things, even though we have this on our video shows and all the places on our site. So that was a big lesson I learned. What day you do it? Yeah, do it on Monday. And then you should just always email. If you're gonna do a disclosure, don't even have a different sync up. Like I'm like, oh, we can always email. What's the big deal? Because we had this ready to go. So we had the email list, we had everything in place, but I needed to make sure, I talked to our privacy lawyer, data lawyer, our team, and said, hey, we're going to do this now. Notify our team, hey, you might get some inquiries. So by the way, all together out of all this, five people have contacted us. Even after all these, after all the emails went out. And they're just like, hey, good job. And then some people had some clarifications. So I'll get back into some lessons learned stuff. But I wanted to thank some of the people who helped us even figure out other stuff we're gonna add. So I'm gonna continue to ask you some questions if that's okay. So Ladyada, why does anyone at Adafruit have access to PII other than the actual operation of the website and business? Well, this person was in business operations. I mean, they were in the financials team and they were doing, again, this audit of orders. It's something that we actually have to do. It's not a frivolous task. It's a required task that we do monthly. And we have to do that because once in a while an order doesn't sync up and we have to either contact the customer and be like, hey, your order didn't come through properly or void it or contact the company to handle the payment and be like, hey, the payment didn't come through. And that's just a very standard part of doing business. So it is a requirement. Yeah, and then someone asked the same question that was in here.
Was this done using git clone on the private repo or did they explicitly create the repo and commit the files? Good question. They created a completely new repo and so we didn't see that there was a fork because they had access. They were a member of the, we have an Adafruit internal GitHub collector, we do not have PII on there, but they had created a completely separate repo for their working directory for code. And just to be clear, and this is also by the way my fault because I said, hey, why don't you like, make a GitHub account if you don't have one. And this is where the narrator would have been like, and she would have regretted that later. Let me tell you how I got here. Yeah, it's a little bit like record scratch because whenever people are joining and this person had been coding, sort of as not as a beginner, but they were in early in their coding life, I'm much later in my coding life. And so I was like, oh, why don't you get a GitHub account and learn how to use it. And yeah, I still, I really like GitHub but it's a great place to store files. The other thing I wanted to mention, the employee was not performing any learning or training using PII. They weren't doing that at all. It wasn't, they were not learning to code with this. They were already, they were a very junior developer but they were somebody who was running a report legitimately as part of their job. It was their job. They never had access to PII data directly on our production database. The PII data was part of a monthly generated order history report used to perform the audit. Yeah, like I said, very, very few people have access to the production database. Like it's really locked down. I don't have access, you don't have access. Only the backend devs really have access. And even then they're, I mean I don't even know how to get access, you know. But it's very locked down.
And you know, when we use the phrase they were getting training and there was data analysis, people assumed on Twitter, and again, there's the Twitter world, that we were doing like some type of machine learning. We weren't doing that. And so what did we do? Well, we've already taken further steps to make sure that doesn't happen again. We've had really good policies. This is a very unique situation because it was a good clown for the repo we didn't know about, access we couldn't turn off. And then someone says, is this something that Adafruit could have done where you generated simulated or scrubbed/masked data? Yes, Adafruit uses simulated, scrubbed/masked data and all the development and testing environments have for several years. We do not use unscrubbed data in any development for testing anything in any environment. Well, I don't want to clarify that because it sounds mixed. So when we're doing, you know, we have a staging site where we stage website changes, like, you know, backend changes or front end changes. That has a scrubbed database that we use for testing with like, you know, fake order data. For auditing of, you know, finance and orders and business flow and operations, we do have to use live data. However, we're going to be very, we're going to be a lot more careful now about making sure that every single field is like, do they really, really need this field? And if not, make sure they don't have it. I don't know how many fields we could have removed from this report, but it's something that we're definitely going to consider if we have another person take on this as well. And then someone asked, how long was it public? Here's the thing we really don't know because this was someone else's private repo and they don't know when they had made it public. What I do know is that when we found out, within 15 minutes it was deleted.
So we were alerted and then we contacted our former employee who we're friends with and we said, hey, like, you might want to check this out. Oh my goodness. We looked at it together, immediately deleted. We started to do forensics. It doesn't look like anyone has ever accessed this and I'll give you some good reasons why we think that's true in a bit. So anyways, that's just some of the stuff that I wanted to go over. Now, I wanted to do some of the lessons learned because... I'll also say, by the way, like I may have made a mistake in some of the fine details because I was not, there was an audit of this event and I may have some small, if I have some small details and it's not malicious, I've had a very busy week and I may have just forgotten something. I think folks, well, this community is very understanding. If you go through a transcript of every word that everyone says, so I guess here's the other thing and this isn't in the mistakes and lessons. We have to normalize people doing disclosures. We have to make this okay for people because I'm pretty sure this is why you never see any security disclosures. Every company that I talked to, they said that they wouldn't even let anyone know about this because no one saw it. It was a private repo. Who cares? Why are you so tenacious about letting people know? I'm like, well, that's the right thing to do. So I just want to make sure, I think we should be like, hey, how did this happen so it doesn't happen to you? How can you turn this into a learning? We're a learning company. How do we turn this into a good example for folks? So here's some other lessons that I learned. When this happened, it's like, well, this is just what this former employee did, just blame them. You can't do that. This was a training issue. And again, I'm using the word training and I think in the right way.
We just needed to say like, hey, when you're working with code and data sets, here's what's really important on how you're making repositories. Here's how GitHub gets a little grabby if you're using the GitHub desktop tool. I think also exit procedure. You know, when we start having people work with us, making sure that they understand how GitHub works and how repositories work and you know, it's like, you can, you know, when you wipe somebody's laptop that doesn't wipe their private GitHub repos. And so it's like, there has to be another private accounts. Like, you know, the data is still online. I think that's one of the things that people have to realize with cloud storage is it used to be like, when you left a job, you'd wipe a drive. You now have to make sure that anything that they were connected to on the cloud is also wiped. So the other thing that I learned is we did, I think, an okay job with this. So we had to use the company voice, but we also put our real names there, how to get ahold of us, the security email address, the past security information, our bug bounty section on our site, how to report security issues. So we did a good job with that because I think that's the accountability that people look for. They want to see like, well, who's responsible? It had your name and my name and people got ahold of us who needed to. And then the other thing is make sure you have a shift of people that are around to answer questions fast. A lot of the things that came up, we were able to answer immediately. And so someone misread the post and they said, oh, does this mean my GitHub login and password needs to be changed? Because they're not super techy. Good questions. Yeah, and we were able to answer. No, instantly. And some folks asked some questions on our Discord and we were able to do that. So the other thing I learned was things about Twitter. Yeah.
So the thing I learned about Twitter, this was a bit of a tough lesson because the phrase, tempest in a teacup, is really true. So we have a 13 year old account on Twitter called Adafruit. And over the course of 13 years, we had blocked some people. And here's the unfortunate part. So we had blocked some people in the past for some really terrible stuff. And not gonna go into too many details, I guess, but we had to call the police on some people. We had to tell people stop bullying a team member because we canceled their order because they called a female team member a really bad name and we're like, please shop somewhere else. There's a lot of things that happen like that. So over the course of 13 years, we had some blocks. The problem is people assumed that when they were trying to look at our Twitter account where we had this, that we blocked them because we were trying to hide this. And they hadn't noticed. And that escalated and escalated and escalated. It doesn't say when you were blocked, it just says you're blocked. It's like, oh, that must have happened an hour ago. So then that was the story. Adafruit is blocking people who are trying to share posts and tag them about this. So then I got tagged and then people said, oh, Phil, isn't he the one who did NFTs? So then, yeah. Yes, you have nice freaking technical socks. So it turned into something. But I'll say this, there was a friendly person who said, oh, I'll just email them. So they emailed me and then here's the other thing. If someone emails you about something on Twitter, they will take your email and they will screenshot it and immediately put it on Twitter. So make sure you know that is what's gonna happen. So yeah, spell check, I use capital letters. So yeah, I was very surprised. So someone emailed and they said, hey, I saw that someone was blocked on Twitter. So I had written back, thanks for contacting us. We apologize for the incident. We're notifying users and you will be receiving email.
Additionally, it's below, included that. Your email address was included. We are not blocking people on Twitter. There were some past blocks from a long time ago. However, removed those now and we will make sure it's clear that there are no blocks anymore. We apologize. So I think it's important you say you're sorry and then we just wiped the slate clean because I didn't want people to, I didn't want this to be the story. Turns out that was actually the biggest gripe. So Twitter's gripe wasn't the security disclosure. It was, I didn't get an email and now you're blocking me about it. Yeah. Because I'm just trying to share it. And just to be like super clear, did you block anybody over this? No. Zero. Yeah. We haven't blocked anyone on Twitter in a while. Well, I gotta ask. No, you should. And so a journalist contacted me and I said, well, here's a screenshot inside of our account and they're like, okay. I can't like we're inside Twitter now. Hello. Yeah. So what we did is we listened to folks including Twitter and said, well, it's Friday. So over the weekend, people asked, well, I still want any email notification. We're like, no problem. Monday morning, started sending all these out. If you got a notification, great. If you have any questions, email security at Adafruit.com. And then this immediately went away and now the outrage is onto the next thing. So other lessons that I learned is I think it'd be useful for people to have an article about our lessons learned because I didn't see anything. Like how do you get this word out on Twitter now? Like what's the best way to do it? Yeah. I think it's a different world. I think what's interesting is before we had done this disclosure, I looked at other companies and other things that had similar disclosures and I was like, oh, ours is like pretty good. 
It has details explaining what went wrong and that we're gonna do something about it and here's how to contact us and it turns out like we're just held to a really high standard, which is good. The other thing I would do is if we ever have this happen or anything like this, we would do the disclosure post. We would do a live video show and answer questions live because I feel like that would take care of a lot of stuff. There was a lot of like, you know, there's a little bit of And that was Twitter because people kept feeding on it. And so, you know, I get it. It's like, it's donkey and like it's a hate machine and that's a different world. The people that are customers and communities, they really appreciate it and then they got an email and they're like, oh, like double plus good, thank you. Yeah. So that's our story. Any other questions? Folks are sharing their stories and I think if we can normalize this as a community, then, you know, more people talk about this. Now, the big question is, why do we think that this data is not out there at all whatsoever in any way? Well, for emails in particular, so we have very smart sophisticated customers. They use specially generated email addresses for all of their Adafruit stuff and we know that people use that for the Adafruit newsletters, which is a separate site that we use. We know that people use these special email addresses for their orders. They'll use it on a per order basis. So in the history of Adafruit, no one has got spam from that very specific secret email address. And two or three people have emailed us over the last 13 years and saying that they think it was, but they also had kind of guessable ones. And so they're like, well, it could be like, it could be guessable. So none of this information was on a dark web. We made sure we looked around. We looked at all the places, the persons that are in this email list, they have never contacted us and said, oh, I never got contacted before. 
I know this email address specifically is from Adafruit. So we're pretty confident. Also, there's some forensics that we were able to do. Doesn't look like anyone got this thing and was downloading and doing anything with it. And it wasn't up there, an unlimited period of time. So we think it's okay. It's hard to know. I mean, look, we did a disclosure and we notified people, which I think is the best we can do. We don't store the stuff that would be really scary. Like I purposefully have made sure that Adafruit never stores credit card data because I just don't want to touch it. It's radioactive. It's scary and dangerous. And the data that we do collect is really what's required. We need to, in order to fulfill the orders and charge them, we need to know your name and your address. I think the big things for me because I'm founder and I'm also lead engineer. So technically, any technical thing that happens is kind of my fault. I think a lot of it is, we're seeing a lot more people. I think like anyone who works for a company, you're gonna see a lot more younger people who want to learn how to code. They want to get ahead. They don't come from a technical background but they see that coding is a way to get further in their careers to make more money, to be able to support their families. And so you're gonna see a lot more people who are learning how to code. And I think that it's incumbent on us as the older generation to make sure that they not just learn syntax and compilers and version management but also how to treat data. And so this is where it's my fault. I did not teach this person how to treat the data because I had this bias where I am so used to dealing with engineers and computer scientists. I think we have to treat it like toxic waste. Every time we're touching any form of data, we say, oh, this is toxic waste. Put your gloves on. Make this something that has a significant impact on any time you're doing this. Well, I think you can respect it. 
I don't think you have to be scared of it but you have to respect it. And I think- I respect radiation. You respect radiation. That's true. Our friendly atom. So I think that's on me. I think like, I forget that not everyone kind of grew up in technology and in hacking and in computer science and in taking courses and classes on this. A lot of people are learning online and they- But they're learning on the job here at Adafruit. But they're learning on the job. So I don't want to stop doing that. I want to make sure that people do have an opportunity to expand their careers and learn how to code. And if they do know how to code, you know, do that on the job. So I think that, I think also we're going to be, you know, we've already changed how we're going to, when we do reports, we're going to really make sure that they only have the minimal data required instead of like the complete data set. It's like, if you don't really need that field, you're not going to get that field. So someone had a good question in the chat. They said, I know you already talked about this, but like what ways can you normalize data disclosures? Because obviously no one does this. No one, I was looking around. I'm like, oh, I wonder if there's ever been a company that did like a live video show. The fact of the matter is most companies that this would happen to you would never hear about it. You'd never hear about it. Because they're like, oh, is it a private repo? Okay, well now it's gone. So who cares? No harm, no death. It's like it wasn't leaked to the dark world. Okay, I don't have to. You didn't get notified by like, Have I Been Pwned or something? So here's the best way I think to normalize. It starts with us. We're leaders in lots of things. So will this be a mistake? Maybe talking about it on a video, answering questions live, sending out notifications after people say, hey, that post wasn't enough. I even want more. I think you just have to be fluid and fill the container. 
And the container is many different spaces. There's some people who, they're security professionals and they know that this didn't matter. Don't bother me with stuff. This is not, unless it's a credit card or Social Security or like, I don't want that. And then there's folks like, tell me anything at all at all times. And it's high touch. And then there's folks and someone said this, they're like, a live video would be great. Because like, I actually think that's a really good idea because I think, you know, what's interesting is we drafted the disclosure. And again, it's all my fault in the end because it's like, I'm the founder. Well, if we did a live video, we could have heard from the community and updated it right after. But we had a lot of people look again. Everybody was like, oh, it looks okay, it looks okay. Because we were all kind of working on it together and we didn't have the, you know, it's like we knew the situation so well because we knew exactly what happened in the person. We were like, oh, I know what happened here because we were just like, we are in the company. And of course we don't want to like make this person feel bad because, you know. It's not their fault. It wasn't their fault. It's not their fault. And you know, every developer, you will make that mistake or that error or that misjudgment. And that's, you know, that's part of doing electronics or computers. Like you will happen. So I think we weren't aware of how some people would read the text and they wouldn't read it the way we read it. And so I think having like a, instead of being like, okay, we've drafted this, we've drafted, drafted it, and then we release it. And like everyone is, you know, it's been like chopped up and turned into like a meat patty. It's like releasing something and then like layering. I don't know, I'm really hungry. I want like a hamburger. You know, layering like, you know, lettuce and tomato. Oh, and somebody wants cheese and somebody's like, where what? 
Well, you know, can you give me more details about this and that? But what we thought people would be interested in what we thought people would be interested in was not actually what they were. Like we actually, you can't predict it. Yeah. So I think you just need to be fast and real time on the disclosure, have the team around and then do an update immediately. And maybe this is going to be kind of a thing like, oh, it's day to disclosure day at company such and such, come in at this time. And this is how you can ask your questions. And if there is a significant exposure, what do you do next? How do you protect yourself? So I think that how do you normalize it? You have empathy for the users. You have empathy for everyone. And you also know that if you aren't in a place where you can answer things real time, people will make their own narratives. And that's kind of what happened on Twitter. And I think some people assume the worst. We had some old blocks. We had some past competitors that don't like us. And you know, this is their chance to, you know, I get, you gotta, you know, poke it. And I think that luckily for us, we've built a lot of trust with the community. Someone noticed something on our site and they just said, I've never received a spam email from Adafruit. I've ordered from you for years. And that's true. When, and they said, when you order from another company, you immediately are on a mailing list forever until the heat death of the universe. So today I unsubscribed from UPS for like the five billionth time. I don't understand like how many mail lists I'm on. So that's one of the things because we have never ever, and I can promise you, we will never, ever, ever, ever use your email address for anything other than what you requested it for. And we'll never give it to a third party for spamming and all that and remark it to you that people trusted us and they still trust us. So I think that's important. And we'll see how this goes. 
So this is, you know, the second time we've had a security disclosure last time. We did the disclosure then emailed later too, but it was 2016 Twitter wasn't what it was now. But, you know, this time I hope some of these things that I mentioned, some lessons learned has happened. So I know we spent a lot of time on this one, everyone, but this is what we wanted to do to get the word out. And maybe this will help you. And then my very last thing is, if there's anyone out there who's a maker company and you have a data leak, data disclosure thing that you need to do and you're worried, email me, ptedatafruit.com. I will talk to you on the phone and I think I'll be able to give you some good advice, maybe suggest some privacy and data lawyers or just give you a sanity check because that's things that, you know, I don't get. I reached out to some folks and basically they thought I was crazy for even disclosing this. So that's our thing. And I apologize for interrupting Phil while he was talking. Oh no, no, no. I know I'm a little, I'm Jewish. She's a lot smarter than me and has a lot of information. So anyways, we'll pick up any question in the chat later and we're gonna continue to update our disclosure post and more. And if anything comes up, we will. But I also wanna thank the folks out there that were supportive and gave us some good suggestions and advice and, you know, as soon as we got more information out there, everything was fine. So I'm thankful that even, I'm thankful even to some of the harsher folks because they helped us make sure that all of our policies are in place in their world. And I do wanna thank again the people who emailed us. We got really, really excellent questions over email. And in fact, some of them were like, I was like, oh yeah, you're right. That is a good idea to add to our policy. I can tell that they write data analysis policies for their companies. Please bring it on, please let us know. 
Because the people who are in the field who actually experienced this know it the best, know that the lawyers are awesome too, but doing the work actually makes a difference. Yeah, and I think that's, oh no, Donald, our customer's got an email that was a subset and if you didn't get an email, like you're fine. However, if you want to double check, you can email security at Adafruit. It's in the disclosure thing. If you're, cause I know some people that went to spam or whatever, if you're not sure, you can always email and say, can you check if my name or address is and we'll be able to assure you. Yeah. Okay. Well, that's it everyone for the security portion. So we're gonna move on. If there's any questions in there, we'll continue to answer the questions. But maybe this is a new chapter for how things are handled. Cause that's what I'm hoping for because I really think that we need to make, computers are made to share data and they're made to get stuff out there. And even though we were lucky and we don't believe this was out there at all, it happens to all of us in every company. So you just have to figure out ways to make this good for the users in every way. Computers love to have data copied all over the place without any like permissions. All right. So let's travel back in time before everything had an internet connection on it. Like my segue. You don't have to worry about your Calcule. All right. So this week's RetroTech is a non-internet connected device. It's a Calcule. It's a CalculePan. It's from like 1975. This is a beautiful device. Ah, I love it. This is a CalculatorPan. It is completely unusable. You have to like, It really is. You have to tilt the buttons to do math. You have to read the instruction book and remember kind of how to like use it. It's beautiful. It's milled out of metal. And Lediator will show it to you. But it's really hard to use. Oh yeah. You have to tilt the switches. You have to like press and tilt. 
And then I don't even, it's not working. Okay. There you go. So maybe I'll add 1,000. Geez. I'll add 1,11 because I thought I could do. I don't know. This is really hard to use. But it looks cool. It is the coolest pen. I love this thing. This is the first time I've used it. And it is completely not usable for a calculator. Or a pen. Or a pen. It can bind the two worst things about calculators and pens and it put it in one device. But it is a conversation piece. And I love this thing, the CalculePan. Okay, next up. We're gonna take you back in time. This is like almost 20 years ago in Vegas there was something called the Star Trek Experience. And apparently tonight's Picard's pretty good by the way. But this was a experience at the Hilton in Vegas. And one of the cool things about it is when you went in there was a ton of things from all the Star Trek series that were out at the time. And this is like 20 years old. So I've always had a digital camera since digital cameras have been around. So these are tiny. The reason why the resolution is not good is because it was dark. And 640 by 480 was as big as it got back then. They had some board costumes. They had some Romulan costumes. They had, I think this is stuff from the original series. And they had some Ferengi stuff. Deep Space Nine had just come out. They had one of the torpedoes and they had phasers and they had Worf's sash. They had Guyden's shirt. They had the Spock chest, the four layer chest. They had some of the original movie series uniforms. Was this the coolest place ever? For me it was. They had the people who worked there were all in character and they dressed up. And then when you got a little bit further you went to the promenade of Deep Space Nine. And if you look really close, oh yeah, and you were 21 and you got stamped. You put your hand underneath the thing and then you went to, that's right. Cork's Barn restaurant. I have one of the only known existing copies I think. 
Because this is stolen of a Cork's menu featuring the drinks at the time that they had there. Can I talk about the warp core breach? Oh no, oh you don't need to talk about it. We're gonna show it. You want something? A warp core breach for two. $19 is a giant thing with dry ice coming out of it. Drinks called the pattern buffer. The Andorian Colada. The Cardassian Cooler. The Hairy Mug. This thing was amazing. James T. Kirk spelled T-E-A or Ryan's Belt. Rom's Root Beer, a Sorian brandy. It goes on and on and on and on. They have Deep Space Wine for the wine lovers. It is amazing. This is not a retro technology thing but I kind of think it was. That is this week's retro Cork's Barn grill. There is a photo on the internet of me at Cork's Bar at Def Con 8 with the rest of the CDC crew. But it's very hard to see me but I was there and I was under 18 or under 21. I was like 19. I was under 21 but I believe I drank some of the warp core breach and it messed me up. Okay, we're gonna do Help Wanted. All right, on jobs.eaterfruit.com this week. Check it out. There's someone who has a matrix portal and they want your help. It's a remote contract position so check it out if you know Circuit Python code and want to do a cool project with someone, go to jobs.eaterfruit.com. Okay, I wanted to do a very brief mention of, we're not gonna do the whole Python on Hardware Newsletter this week. We're just gonna do one thing. If you haven't already, subscribe to the Circuit Python show. Episode two is with Les Pounder. It is good. I started to listen to it while I was sending emails to customers. Oh, you know what? Actually, I can't edit this and post cause we're live. There is one more thing. I forgot to mention, Lady Aida. What? So instead of handing this email list of users to MailChimp. Yeah. Cause you have, you know, if you send emails. No, cause you have to notify emails. And by the way, everyone's like, what was the big deal? Send emails. 
Just wait till you try to send more than 1,000 emails. Like, it's not easy. So we decided to take it upon ourselves and this was a very challenging, delicate manual process. The emails that we sent to people never left Aaterfruit domains. We didn't hand it to a third party cause what I was worried about is, oh, Aaterfruit, like you had this thing that could have happened and then you handed it to MailLeague and MailLeague and MailLeague. Why did you use MailLeague? MailChimp and MailChimp send owned by Intuit and Intuit's always messed up. I got the chief marketing officer of MailLeague is like, how come MailLeague? Why did I call it MailLeague? She's always using my products. So anyways, that was one last tip. I completely forgot about that. That's how crazy we are about your data. We self emailed notified every person from at Aaterfruit.com. So you will, you will, it might be like the data notifications 23 at Aaterfruit.com. Yeah, no, we batched it out and we didn't let it leave our hands at all whatsoever. Okay, anyways, open source hardware. We do it. I got a lot of guides this week. We have 2,634 related to what's on the big board this week. Okay, okay. First up, speaking of Raspberry Pi, we have a little bit of update to the Raspberry Pi care and troubleshooting guide because we want to document the blinks on the board because the new firmware blinks to let you know what's going on with it. And so we added that to the guide. And speaking of, if you want a Pi 4, we didn't get to see this earlier, but I might as well say it now. We've had a lot of automated, the mob is still happening. We've had a lot of automated bots who when we put in Raspberry Pi 4s, they come in, they swarm and they purchase Pi 4s. And it sucks for the makers and engineers. I know you guys want Pi 4s. And I don't even think there would be a shortage if it wasn't that there were bots that are purchasing them to sell them. And I really want these pies to go to individuals. 
So we're now requiring for Raspberry Pi 4s and some other products that are also bot purchased to make an Adafrit account and to verify it. And we may also add the two factor requirement. I know it's not fun, but we really are trying our best to make sure that makers and hackers and engineers get these and not bots. And this is one of the first steps that we're doing because it's been very difficult for us to keep Pi 4s in stock. So please, if you want a Pi 4 in the next year, make an account, verify it, two factor authenticate it, you'll get a 20% off coupon. And then when we do have Pi 4s in stock, you'll be able to check out immediately without having to log back in. Don't want to mention that. Okay, what else? None Pedro did a 3D printed glow in the dark zipper pulse. So kind of a fun project, crafty project. We have an update to the ESP32 S2 Feather Guide. Thank you, Catney. She's been doing amazing with all the Feather updates. Yeah. In the next section. Yeah, the other chunk of guides we got this week. Okay, ooh, we have Carter wrote an amazing guide on working with iSquared C devices. iSquared C, it's a standard. So it's a standard, right? Okay, yeah, well anyways, we have a guy that talks about the iSquared C standard and all the things that are not quite standard about it. Why we make certain decisions in our drivers and circuit Python, how to deal with clock stretching, how to detect it, how to deal with repeated start, how to know when, how to analyze it, how to scan, all the little details, how long can the cable be? All the nitty gritty that this very simple protocol that was kind of intended for a temperature sensor has grown to like a massive deal. And we use them, because we have STEMI QT and we have now a lot of plug and play iSquared C, we're seeing a lot more people use iSquared C, which is good. But we also see people really pushing the boundaries of iSquared C, so we wanted to document that. 
We've also been updating the ESP32-S2 TFT Feather Guide. So that's really good. And we've got, oh, from JP, I think we'll maybe do a video for the personal and portable ESP32-S2 web server. So this was actually, I wrote this code when Wordle was just purchased by the New York Times. And I immediately like freaked out and was like, oh my God, what happens if Wordle goes down? So I was like, oh, you know what, it's a small enough website, it was famous for being so small. I was like, can I host Wordle on a Feather ESP32-S2 and host it from the file system? And it turns out you can. So if you'd like to make a little web server and the TFT shows the MDNS and the IP address and the status, this is a great project to use the mass storage on the ESP32-S2 so you can just drag the files over. So we like literally, W get the world site and then you just drag it onto the disk drive and like now it's served from you. By the way, if you're doing auditing data at your company, do not use this to host and serve that data to yourself. I'm gonna tell you that. More pro tips from us. Pro tips. And finally from Brent, if you've been using IO Wipersnapper and if you haven't, please do. It's free, check it out. It's a great no-code way to make IoT devices. He's now added a guide on how you, yes, you can add new components to Adafruit IO. We have the repo where we store the components and the images and the JSON identification for them public. And for our own documentation also because people can contribute, here's how you can add new components. And then when we approve your pro request, it shows up instantly in Adafruit IO. So a lot like Circuit Python, we wanna make it so other people can contribute, get their boards and components supported. All right, and that is our new products. Sorry, our guides for the week, we're gonna do new products because this was our security episode. So let's give you the code. Where's five, and let's jump right into new products this week, Lady Aida. 
Ready? Actually, can you give me, sorry, my demo is on the desk. Okay, great. You know what I'm gonna do? Can you show like 30 seconds? I'm gonna show some factory footage. So I wasn't expecting that. All right, Lady Aida's back. So now it's time for new products. Yep. All right. So I wanna do a thing right before we just show this, yeah. So special thanks to the folks from RISC because this is our first RISC board, which we're gonna show in a second. Put this under the overhead. They sent us RISC socks. So check this out. These are RISC. Where does it say? These are RISC five socks. Wait, hold on, hold on. Wait, no, yeah, here, I'll do it right here. Look at this. These are RISC five socks. It says RISC five on it. They do. And we have a section on our website for nice freaking technical socks. Yes, these are some nice freaking technical socks. And thank you, RISC for sending us out RISC socks with our first board. From RISC. From RISC, all right. So Lady Aida, what is the star of the show this week and the only product we're showing this week? Okay, it's one, but it's a good one. We have a new cutie pie and this time it's featuring the ESP32C3. And this is the first RISC five chip that we again, we've developed with. So it's pretty exciting. It's from Expressif. It's an ultra low-cost Wi-Fi Bluetooth chip with a built-in USB serial converter. Note, it doesn't do native USB. It's only USB to serial, plus like a JTAG debug mode. And it's at chip in the middle there. And it's kind of designed as a replacement for the ESP8266. It's got I think 400K of RAM and it's got four megabytes of flash. I don't remember the speed of the RISC processor, but of course it's a 32-bit processor. And we put it in the cutie pie. And it's actually kind of a perfect format because the ESP32C3 actually doesn't have a lot of pins. So this actually kind of uses like every pin that is available on the chip. You've got a HDMI QT connector for all those iSquared C devices. 
You've got USB-C, you've got the boot button to go to bootloader mode, the reset button, crystal on the back, some passives, a battery input. And that's it. It's very simple. And I've got a little demo here. This is actually uploading data to Adafruit IO. Let me just lock the focus lock. Okay. So this is the board. And so what I really like about this is that you can do no solder wireless projects. This is the cutie pie and the QT and the cutie pie is the stem of QT connector. So here I've got the OLED connected to the BME 280 and then I've got it sending data up to Adafruit IO. I will say that the ESP32-C3, it's stable and expressive, but it's still a little early. It is a totally new chip set. And so while a lot of stuff worked, we have to be, for example, for Wi-Fi to work with, with the native USB to serial converter, I had to be on the master branch. You can't, the latest commit, you can't use the release. The release has a bug in it. So it's a little bit like, this is the kind of people who want to experiment. I wouldn't necessarily get this as your first microcontroller or even first wireless board because I think you'll go a little nutty if you're like there's a bug and you don't realize it. That said, it's got BLE5, it's got Wi-Fi, it's got enough RAM to do TLS quite nicely. It's got all these pads. It's got a NeoPixel, four. It's actually got five analog inputs, a 12-bit piece that's got iSquared C, a hardware UART that's also used for debug and SPI as well as some power pins. So a very cute little board. I think, again, the C3 is at least as of this viewing, it's an early board, but I think if you want to experiment with risk five or you want to try out this new chip set, it's cool, check it out. All right, and that is new practice week. All right, well, don't forget code is risk five. And this week, because we have a shorter show because we wanted to go over our security stuff and more, we're going to go right to questions. Okay. 
So go to adafruit.it slash discord, start asking your questions, get to ask us anything about our security stuff that we just talked about. I hope we got through all the questions, but you can ask anything about our company, engineering, anything for Lady Aida and more. And here comes some questions. Ready, Lady Aida? Mm-hmm. Would you consider doing an Arduino to feather wing adapter? I don't know that I would because I think a lot of our dwindos, I know that they're not always five volts, but I kind of consider them five volts. So I thought it's risky because you have a fair chance of slamming your feather by putting it on an Uno and giving it five volts. So I'm not sure. Okay. The C3 power usage, then the 8266. The C3 has better power management for sure. Like you can do light sleep and deep sleep. Whereas on the 8266, the sleep mode was like really weird and funky. You can get it to work, but it was like you had to press the reset or it had to like self reset. The C3 has a much more mature sleep mode. I did measure, this board is not ultra low sleep. I think it's 200 micro amp in deep sleep because I don't turn off the neopixel. That's actually what's drawing the most current. There's not enough pins to do so. Okay. Next up is the QDPI C3 programmable from Arduino IDE. Yes. It's got a great micro Python port actually, which I used and it was like really sweet. And Arduino IDE support is provided by Espressif. All right. How does the workflow differ for two-sided boards? Do you have to do two cycles pick and place oven or can you oven both sides at once? You do the whole thing over again. One and then the other. Can RFID, WizKit by Smith Technologies be expanded to for more than five cards? Is there a way to get tag data in or out? We want to create a machine lockout system for our makerspace. It's a good question. So I actually think you should contact Smooth because the chip is pre-programmed so we can't change it. They wrote the code for it. Yeah. 
We also have some. James used to work at Adafruit. That's his company. So contact me is great. He might actually be like that's a good idea and make a new product. Oh, you know people make suggestions to us and a lot of the times those suggestions get turned into products. Not always, but a lot of times. Does a Discord text client exist? The GUI is really heavy. Daniel, I have an answer for you. So today I was talking to Catany and I had to start up Discord to tell people what time our show was. And I said, oh man, you know, the Discord client is just so big. And she goes, there's a beta version of it. You have to go to the Discord site. There's a beta version that's native on whatever computer you have and it's awesome. So apparently that is the way to go. I haven't tried it yet, but when I started up it went instantly. So yes. It would be cool if there was a Discord text client, but I think they like that people have multimedia and audio. Well, I mean, you got to make money off this thing somehow, right? Yeah. There's ads and videos and super chat and like, you can't. How can you charge for little things at the top if you can't charge for things at the top? Get a free note. Yeah. Next up, would you consider something like the FT223 to HL serial chip that would do serial and JTAG on ESP32 boards for and for others for SWD open OCD over serial? I do have some FT223 to HLs. I do have the FT232H, which is in the store already, which you can use for JTAG. The 2232 just has two, so you can do like serial plus JTAG. I don't know that it actually does SWD. I'm pretty sure it doesn't actually. I've never seen anyone use an FT232 for SWD only for JTAG with open OCD. I might do a breakout. I'm not sure. It's a lot of pins. Yeah. Can two lithium ion batteries be wired in parallel because of space constraints? No, don't do it. Just get a larger pack. Sorry. It's not a good idea because they're not balanced. Okay. 
Someone wants to know anything you, anything else you learned about social media? Yes. So the more the public figure, it's arguable if I am or not, but what I noticed is some people went to my personal account and they looked at who I was following and they wanted to figure out stuff about me. They looked at who I had blocked in the past. And so because we put who runs the Adafruit account, we link to Ladyada's Twitter account and my Twitter account, I also think that if you're going to do a security disclosure or if you're gonna do some type of live thing or any type of thing that you're gonna do on Twitter, you should say who you are if you're doing stuff for the company, but you should also know that on Twitter, people also judge you based on your follows. And in this particular case, we were judged on some past blocks. So I would say just be smart about that. I mean, you should manage your social media the way that makes sense for you, but know that if you follow someone and then unfollow them, some people have a service that notifies and they're like, look, they followed me. No, they don't follow me anymore. And I blocked them. I think a lot of folks' identity is tied up in these social media networks. And I'm not gonna dunk on it all. I totally get it and I totally understand it, especially for the last two years, like a lot of us have been not able to connect with a lot of people. So I would say just be careful about that and just be aware that what your profile is says a lot more about you than it used to. Way more than when first Twitter started. Who you follow actually matters now. It symbolizes something. You might be like, oh, this person just like made a funny tweet once and I followed them. But yeah, it's for some people that can mean something that can have more meaning than just- So that's another thing I learned. Your follows and unfollows, sometimes real time, can send a signal to someone. 
So just be aware, like, I'm not saying change your behavior. Just be aware that that is something that's now true. That people look at, yeah. Yeah, people look at. Next up, I would, question. I'm getting excited, getting my hands on ESP2 Feather with eight megabytes of flash and two megabytes of PSRAM. Do you think you'll have a HUZZAH version with all the pins broken out? I guess I could revise the HUZZAH. I tell you, we don't sell a ton of HUZZAHs. I feel like the Feather is really a good version, but I am thinking about it. I could kind of bump the HUZZAH up to a new version. Okay, do you recommend any 3D printer shops? Yes, they want to- Shapeways. What was the one that we just did with- Oh, I did- Was it JLPPCB? JLCPCB has a 3D printer. It actually came out quite nicely. It just takes a couple weeks. Yeah, they want to print out the Feather cases, but they don't have access to the 3D printer. Yeah. I think JLCPCB will do it. You just have to upload it and it's just a thing. Yeah. All right, that's the questions for tonight. Well, thank you everyone. Appreciate questions. We'll see everybody next week. Don't forget the code. RISC-V. Yes. And lessons learned. A little bit of a black eye in the social media world, but I hope that we were able to answer everyone's questions, and I'm going to put this video on the page of our disclosure page, and maybe this will be a new thing. I think that we have growth. You and I, I think we both- We actually both love to- I don't say love to make mistakes, but when we make mistakes, we learn from them. Either you win or you learn something. Yeah, I feel like, you know, I didn't choose this. It chose me, and I'm thankful for it, which is we're supposed to show our work at all times so other people can learn from it. Yeah. And sometimes that's a joyous experience. Look at this electronic thing, look at this other thing. 
But sometimes, you know, if you missed a mark on something, you should still show your work because you can help others. And that type of help is the most interesting, rare form of help because you're willing to be vulnerable. And I don't know if this is true for everyone, but I think that there always is a little bit of pain, maybe a little bit of suffering, sometimes a lot, when you grow and learn. I know it, maybe it's like a workout analogy. Yeah, you're like sore the next day. Like the muscle, like you have to tear the muscle a little bit to make it stronger. Give it a disclosure, hangover. And I feel like that when you're gonna grow and you're gonna learn, it's always gonna hurt a little bit and you should embrace that, not fear it. And I hope that other people realize that at least in the Adafruit community in the world, we're here to help you grow, even if it means we get punched a little bit. Well, that's what open source is about too. Like I made mistakes. Like we had to redesign the ESP32 SQQT pipes came out, you know, my new version last week because it's like, I fucked something up, you know. And it's like, how did you fuck that up? Like you should have checked it. And I'm like, yeah, I thought I did check it. I didn't, I fucked it up. I'm gonna change my process. So thank you so much everybody. Thank you, RISC-V, for the cool socks. And we'll see everybody next week. Same time, same channel. Yeah, same time. For not working. Yeah, well, it works. You just have to, you just have to be really motivated. It's trying the best again. It's been an Adafruit production. Thank you very much everybody. Here is your moment of zener.