[HN Gopher] Adafruit requires 2FA to prevent bots buying out Ras...
___________________________________________________________________
Adafruit requires 2FA to prevent bots buying out Raspberry Pi

Author : 7402
Score  : 191 points
Date   : 2022-03-22 17:49 UTC (5 hours ago)

(HTM) web link (blog.adafruit.com)
(TXT) w3m dump (blog.adafruit.com)

| paxys wrote:
| How does 2FA stop bots?
| tormock wrote:
| ESP8266s can be used for a lot of things that people use RPi for... and they are a lot cheaper.
|
| I just sold 2 used RPi that I bought ~10 years ago for more than what I paid for them brand new...
| n4bz0r wrote:
| I've been wondering about that myself, but then it's occurred to me that there are very poor countries where kids simply don't have access to no computers at all. The appeal of Pi in this situation is that you can program _and_ prototype on the thing, and it's relatively affordable (well, at least it is supposed to be). For ESPs you'd need a separate device to write and upload the code.
| chmod600 wrote:
| What's the background here? Why is this model so popular? Are previous models a viable alternative for some? How long until production can catch up?
| wnevets wrote:
| It seems like online scalping in general has skyrocketed since the pandemic started in 2020, the most famous probably being GPU cards.
| stjohnswarts wrote:
| And the ubiquitous ticket scalper bots.
| sbierwagen wrote:
| Scalping happens when the list price is lower than the market price.
|
| Nobody scalps shares of Alphabet, because the price floats. Merchants don't want to increase list prices, because they'll get yelled at, so instead they run out of stock and middlemen collect the arbitrage price. If you don't like it, tell stores to increase prices, and tell CNN to stop running stories about how awful greedy businessmen are causing inflation purely out of spite.
| chmod600 wrote:
| I was interested to hear more about why this model is so exciting. Any thoughts, or just faster/better?
| HeyLaughingBoy wrote:
| I think it's just because it's the newest model and for many newest == best. Also, they're cheap, so the difference between a pi4 and a pi2b isn't that much $$$.
| noobermin wrote:
| It's across the board, with GPUs, things like these pis, retro games and accessories even, it's pretty annoying.
|
| Thankfully necessities like TP and masks are no longer being scalped but it's still happening in electronics.
| [deleted]
| hashkb wrote:
| I don't understand what's so hard about this problem - if you have a platform that's impacted by bots and scalpers, and if you want to do the right thing, or give the appearance of doing the right thing with almost no cost to yourself or your business, you should release your product in a fair lottery with reasonable purchase limits.
|
| You have plenty of time before the product is released to register and verify everyone. You completely avoid traffic issues. Accounting is easy - you'll sell out when you run the lottery. You'll build a reputation for releasing inventory fairly and without causing undue stress on your customers, and avoid the suspicion that you're in cahoots with the scalpers (looking at you, Ticketmaster).
|
| I'm accustomed to stressing out over concert tickets and struggling to get gaming consoles, and have a deep hatred of scalpers and the platforms that enable them, but I had no idea that scalpers were ruining the educational/hobby markets too. That seems really low.
| n4bz0r wrote:
| Given one of the goals of the project is to allow young people to have an affordable PC to learn linux and programming, it would make sense to reserve a part of the stock for verified students (or teachers) at MSRP.
| cinntaile wrote:
| Fixed pricing with scarce goods tends to lead to this result, just let supply and demand sort it out and this problem wouldn't exist. Trying to fix this by using 2FA won't change much, it's just an arms race where each side keeps investing more and more money into fixing a problem that doesn't have to exist in the first place.
| colechristensen wrote:
| There are a lot of people who want to play arbitrage with rare goods, if you have enough money you can do it with just about anything. It is perfectly fair to want your market segment to be to deliver cheap rare goods to people without many resources.
|
| Sometimes arbitrage helps make efficient markets, other times it is just a drag on the economy. It is perfectly fair for a provider to not want to only provide goods to people with many resources or scalpers.
|
| RPi is also just not a good deal if it is significantly more expensive, there are lots of more expensive options out there for small computers which have better specs and are more readily available.
| teeray wrote:
| > RPi is also just not a good deal if it is significantly more expensive
|
| Then the price will fall to the point where it's a good deal, but still more expensive than what it is now.
|
| Maybe it's not the $5 Pi Zero anymore, but $50 might not be too bad.
| cinntaile wrote:
| > It is perfectly fair for a provider to not want to only provide goods to people with many resources or scalpers.
|
| Yes but I doubt this will achieve that goal, at most it'll work for a couple of weeks. Also I very much doubt that RPis are being bought by financially disadvantaged people to learn valuable computing skills. These things are bought by people wanting to automate something at home, they're usually well off. Schools and training centres don't buy via the Adafruit retail channel.
| WheatM wrote:
| zozbot234 wrote:
| As others have pointed out, AdaFruit likely _cannot_ raise their selling price for these Pi's due to prior contractual arrangements. They're essentially forced to ration their supply, and all they can do is make the best of a pretty bad situation by at least trying to act fair (i.e. limited buys only) and rewarding their existing customers with preferential access.
| samwillis wrote:
| > just let supply and demand sort it out and this problem wouldn't exist
|
| That would go against the mission of the Raspberry Pi Foundation which is to promote computer science education. Accessibility through low prices is an important aspect of that.
|
| Not all problems are solved with free markets.
|
| https://en.m.wikipedia.org/wiki/Raspberry_Pi_Foundation
| lvass wrote:
| There's just no way to look into this and not think they are doing an absolute shit job. A raspberry pi 4 costs the equivalent of 200 US Dollars in Brazil, more than some brand new laptops. Most of our population do not have computers, RPi availability would be awesome for us.
|
| Allowing some people in some countries to get it for $35 is just the lazy solution. I'd be glad to pay $50, because I'm able to. Put in some effort so the ones who really need it can get it cheap. Sell it at real market value for the rest of us. Doing good things requires effort.
| Ajedi32 wrote:
| Lowering prices doesn't make the product more "accessible" if you can't supply enough to keep up with demand at that price. It just turns the purchasing process into a lottery rather than a bidding war. I can't say I find the former process any more in line with the Pi foundation's stated goals than the latter.
| zht wrote:
| so let's say that you target people who can only afford $30 computers
|
| if it's a lottery, then some of those people would be able to buy it at $30
|
| if it's a bidding war, then none of them would be able to buy it at $30
| [deleted]
| AussieWog93 wrote:
| >so let's say that you target people who can only afford $30 computers
|
| I cannot name a single person who has bought a RPi that isn't either a generously-compensated STEM worker or a member of their immediate family.
|
| I also cannot name a single person who has bought an RPi that doesn't already own a mid-to-high-end desktop or laptop.
|
| Poor people buy used smartphones or refurbed ex-office PCs.
|
| EDIT: This probably explains why there's a strong scalper's market for this, thinking about it. Raspberry Pi's typical customers are wealthy enough to not care about paying an extra few bucks.
| Ajedi32 wrote:
| That makes sense, assuming "people who can only afford $30 computers" are your _sole_ priority. If you also care about, for example, "people who can only afford _$40_ computers", then a better approach would be to raise prices to match market value and use the resulting profits to increase supply.
| HeyLaughingBoy wrote:
| As another poster noted, a lot of businesses are basing their product lines on the Pi and Pi Compute Module. To those businesses, the market price can rise well past $40 and completely out of the "hobbyist price range" before it becomes worth it to them to find alternatives. With the difficulty of finding components these days, that "increase in supply" that the increased revenue brings to the Pi Foundation may not come for a very long time.
|
| I developed a pi-based system for a well-known company that now has a few hundred deployed at various sites. I can assure you that they wouldn't blink at $200 each. There are businesses out there redesigning their products because they can't find _any_ at all.
| londons_explore wrote:
| If the goal is 'get it into the hands of students to further computer science education', then the lottery might end up getting more into student hands than an auction. Remember students are pretty poor compared to VC backed startups trying to deploy their latest IoT blender with Blockchain technology.
| eikenberry wrote:
| Are they selling them at a loss? If not then the market would work fine, they just need to increase production. Maybe they'll make enough money to give some to students that way.
| cinntaile wrote:
| Yes the free market can't solve everything, but we still have to wait for the free market to solve the supply chain issues before this situation will improve. They could temporarily let go of their fixed pricing rule in the meantime.
| digitallyfree wrote:
| As an aside, used thin clients and industrial PCs are a good x86 alternative to the Pi if you require similar performance and don't need GPIO. They are quite plentiful on ebay, include a housing, and consume little power.
| amelius wrote:
| Better let the bots through, let them pay, then say that the items are on backorder.
|
| >:)
| dzhiurgis wrote:
| I've recently sold my 2-3 yr old unused RPI and made a profit, that's insane.
| cjcampbell wrote:
| Glad they took this step to slow down the bots. The situation has been rough since rpilocator.com came along. I haven't been able to complete a purchase since the week it hit HN.
|
| I use the pi for teaching, and could previously pick one up every couple weeks just by signing up for stock notifications. I was in the middle of a purchase in February when rpilocator updated to show stock and Adafruit went offline due to the traffic surge. The disruption lasted about half an hour.
| syntheticnature wrote:
| Clever way to become the site of _first_ resort for makers and engineers.
| ephbit wrote:
| What's this about?
|
| Are the bots operated to manipulate the market, by buying up the whole supply to then sell at a higher price?
| throwaway81523 wrote:
| Sometimes the bots are just because people want the items for themselves. I know of some companies that bought 1000s of disk drives for their data centers that way from retailers, back when there was a drive shortage a few years ago.
| teeray wrote:
| The bots are middlemen that ensure proper pricing of scarce goods. Their commission is the difference between the retail price and the actual market price.
| Karellen wrote:
| It's a roundabout way of stating the 55th rule of acquisition, but I'll allow it.
|
| Or is it the 110th?
|
| (The 140th and 144th also seem relevant here.)
| stjohnswarts wrote:
| Sorry, bro, if I'm selling a product, and part of my goal is to see "regular people" get a chance to buy it and get a decent price it's well within my rights to try methods to limit scalping, just like governments prevent gas/food overcharging during emergencies. Not everything is a "pure" market.
| [deleted]
| dymk wrote:
| The bots ensure that steps are taken such that scarce goods are distributed in a manner better than "whoever can pay the most".
|
| RPis have, and will continue to be, aimed at education and enrichment, and the makers/retailers will take steps to ensure that as many people as possible can get ahold of them at a low price.
| Ajedi32 wrote:
| If you want to start making value judgements about who is worthy to purchase your product, wouldn't it be better to enforce that by directly verifying the identity/worthiness of each individual customer rather than relying on crude proxies like "didn't use a bot to make the purchase"?
| unfocussed_mike wrote:
| It's not a crude proxy.
|
| In this case it is a vendor deciding not to sell to a customer who is acting in a way they perceive to be bad faith. This is their right as a vendor.
|
| In this case it happens that the bad faith is at comfortably odds with the objectives of the vendor and product manufacturer.
|
| As high incomes diverge even further from low (and even median) incomes, we're going to see this happen a lot more.
|
| And I think until this chip shortage is over in particular, we will see a lot more measures like this.
|
| I fully applaud this -- I love my Pi 4 and I want more people to experience what these little things can do, without paying over the odds to cynical manipulative stains.
| ryandrake wrote:
| Not sure why you're getting DV'ed. If a product is priced such that it is actually profitable to have bots buy it (and presumably re-sell), then it's priced incorrectly and the bots are a corrective market force.
|
| If a gas station started selling gasoline at half price, it would be instantly overrun with everyone from Harry with his pickup truck full of jerry cans to empty tanker trucks.
| giantrobot wrote:
| The demand for the Pi has always been about the low price coupled with capability. The Pi is impressively capable for $35. It's far less impressive at $50. It's downright shit for $100.
|
| Scalpers are going to slit their own throats by price gouging Pis. Demand for Pis will dry up if the price stays at $100.
| colechristensen wrote:
| With enough money you can corner any market and turn an abundant product into a rare one.
|
| Tends to make a lot of money for a few people until the market inevitably crashes which often puts many of the suppliers out of business.
|
| https://en.wikipedia.org/wiki/Tulip_mania
|
| https://en.wikipedia.org/wiki/Onion_Futures_Act
| criddell wrote:
| Wasn't that long ago that somebody tried to corner the cacao market.
|
| https://www.nytimes.com/2010/07/25/business/global/25chocola...
| teeray wrote:
| This doesn't always work out, and can destroy the speculator too. Imagine how many piles of hand sanitizer and toilet paper are out there, bought to resell for profit.
| logifail wrote:
| see also https://en.wikipedia.org/wiki/Nelson_Bunker_Hunt
| mardifoufs wrote:
| Attempts to corner markets have always almost resulted in disastrous losses for the conspirators. Not that cornering the raspberry pi market would even be possible or make sense.
| unfocussed_mike wrote:
| I think you're ignoring that there are now entire classes of wealth where value for money is entirely secondary to instant gratification.
|
| Anti-scalping measures are going to be necessary more and more often as the super-rich diverge from the merely rich and the rich diverge from the poor etc.
| nonameiguess wrote:
| Raspberry Pis are developed by a literal charity that has making computing and computing education affordable as its mission. That's why he's getting downvoted. This attitude is effectively saying charity should be punished and profit is the only worthy goal any organization should ever have.
| kube-system wrote:
| If you want to take the pure economics argument -- you have failed to account for the present value of future business that Adafruit will generate by keeping their repeat customers happy.
| postalrat wrote:
| If bots are corrective then what would you call adafruit avoiding selling to bots?
| fartcannon wrote:
| Vultures, parasites, vampires.
| jterrys wrote:
| The world isn't a stock market simulation.
| atsmyles wrote:
| This is true. However, it is not the whole story.
|
| 0. Adafruit cannot raise prices of rpis due to contract.
|
| 1. Adafruit makes the same amount of money regardless of who buys the product.
|
| 2. It is in the incentive of Adafruit to increase its customers' good will. It is considered an asset for Adafruit (Companies account for this via 'Good Will').
|
| 3. People generally don't like scalpers, "Scalpers bad"
|
| 4. By providing means to avoid scalpers, they are capturing some of the profit that scalpers would be making and converting it to a 'Good Will' asset, "Adafruit Good"
|
| 5. 'Good Will' + money > money
|
| Thank you for participating in economic analysis.
| meltedcapacitor wrote:
| Point of order on 2:
|
| Companies do not account for this as "good will".
|
| Accounting "goodwill" is the price an acquiring company pays above the accounting value of the business being bought, which is a notional number usually (much) lower than the economic value of a successful business.
|
| https://en.wikipedia.org/wiki/Goodwill_(accounting)
| MereInterest wrote:
| All hail the free market! The free market is wiser than any of us. If you sell at cost, the free market will, in its wisdom, increase the price. If you make a good product, the free market may move it above your family's means. Any charity you give is a distortion of the market, distortions which prevent the creation of luxury goods!
|
| All hail the free market! Let it be free, and may our own freedom be priced accordingly!
| 34679 wrote:
| https://news.ycombinator.com/newsguidelines.html
|
| > In Comments
|
| > Be kind. Don't be snarky. Have curious conversation; don't cross-examine. Please don't fulminate. Please don't sneer, including at the rest of the community.
| AussieWog93 wrote:
| I don't think GP's comment is particularly unkind or mean-spirited. It could be a cultural thing, though.
| MereInterest wrote:
| While it could be argued whether I was being unkind, in re-reading I certainly wasn't being kind, and there was no small amount of snark. While I stand by the sentiment behind the comment, I don't think it is likely to change the mind of the poster I was replying to. There's a chance that it would avoid having the conversation turn into an extremely capitalist/libertarian echo chamber as commonly happens here, but that's about the extent of it.
|
| Partly, the mindset that was evident in teeray's post was rather frustrating. Implicit in the post was a dismissal of the Raspberry Pi Foundation's goals of providing low-cost teaching hardware, an assumption that re-distribution to those who can pay more is a good thing, blame at Adafruit for not having priced out the primary target market in the first place, and praise for scalpers who are standing between a charity (RPF) and its intended recipients. None of those were explicitly stated, but those are the implications and results of the philosophy in that comment. It's a cruel, unkind, and mean-spirited philosophy, which is why I felt it appropriate to respond with snark.
| cinntaile wrote:
| So who are these intended recipients and how certain are you that they're the ones buying them?
| internet_user wrote:
| What's your preferred method of rationing scarce resources?
| colechristensen wrote:
| Putting severe limits on people who would arbitrage the rarity when the seller doesn't want to raise prices. Allowing the seller to determine how they want to distribute sales of the item (as long as it isn't price gouging essential goods)
| kelnos wrote:
| Why should "whoever has the most money" or "whoever is willing to pay the highest price" be the fairest way to ration scarce resources?
|
| Speculative resellers don't actually provide any value. They just extract extra cash from people who want something, when -- absent the retailer with automated buying tools that are faster than humans -- those people could have acquired the product from the original seller at a lower price.
|
| I think "whoever gets through the website order form the fastest" is a perfectly reasonable (if often frustrating) way to ration scarce resources. You get in line, as a person, and get to buy some limited quantity for your own personal use.
|
| Certainly no one can outright ban a secondary reseller market, but I think it's perfectly reasonable for a shop to want to sell to real end-users rather than people who will just turn around and scalp people who could have been potential customers... customers who are now frustrated and get a worse experience.
| teeray wrote:
| > I think "whoever gets through the website order form the fastest" is a perfectly reasonable (if often frustrating) way to ration scarce resources.
|
| Until you put the FTTH connection in Ashburn, VA sitting next door to every major cloud provider against the 3G user in Somalia.
|
| Clicking through the form degenerates to an unfair lottery where you can buy more raffle tickets by paying more to your ISP.
| AussieWog93 wrote:
| > Why should "whoever has the most money" or "whoever is willing to pay the highest price" be the fairest way to ration scarce resources?
|
| It's not the fairest, but it is definitely better than arbitrary. If Alice is willing to pay $5 for a widget, and Bob is willing to pay $50, it's likely that Bob values the item more than Alice does.
|
| It's also possible that Alice is simply poor, of course, but I can't imagine how a practical system could take this into account without also destroying incentive structures.
|
| >I think "whoever gets through the website order form the fastest" is a perfectly reasonable (if often frustrating) way to ration scarce resources. You get in line, as a person, and get to buy some limited quantity for your own personal use.
|
| This is arbitrary, IMO. Might as well hand them out to whomever can win a race in Mario Kart.
| kube-system wrote:
| Adafruit isn't "rationing scarce resources", they're trying to provide good service to their customers. Adafruit is an actor in a "free market" acting in their best interest.
| internet_user wrote:
| I don't disagree, adafruit is probably acting in their best interest, however they perceive what that interest might be, it's not always just "more profit", more often than not, it's a matter of survival that is at stake.
|
| My issue was with the comment somehow suggesting the entire system (Big Bad Market) is somehow less wise than an individual actor.
|
| Yet, the entire system contains much more information, that the individual actor does not, and can never have access to, e.g. value judgements of other market participants he will never meet.
|
| Markets, at the core, are just auctions. It's one way to resolve the question who gets the scarce resource first. At other times, it's medical triage, a system very different from "free markets". It can also be first-come, first-serve, which is what currently being attempted by Adafruit now.
|
| Many such options. Why is "free market" judged to be inappropriate here?
|
| From my experience in markets with severe shortages, first-come/first-serve rationing approach never failed to produce a poor supply, and free floating markets were always oversupplied (to a varying extent, but in general there was a trend).
| kube-system wrote:
| Sometimes people express a sentiment that the supply/demand curves are more than just tools to evaluate a situation, but instead, are a sacred ideal to always strive towards. But economists also recognize that markets are awful at pricing in externalities, and even worse at respecting morals and ethics.
| kelnos wrote:
| This is the core of it for me.
|
| The base Raspberry Pi model is supposed to cost $35, because the Raspberry Pi Foundation has decided that offering a low cost SBC is important for the world.
|
| Using a bot to buy up all inventory so you can resell it at $50 or $100 or whatever is unethical. You have provided no added value; you are just a parasite scalping others for your own enrichment.
|
| If this is what a "free market" is, as many people here seem to think, then free markets are objectively bad for the commons.
| cinntaile wrote:
| It's not a free market since the manufacturer determines what the stores should sell it for and the result is a middleman extracting the value between set price and market price.
| MereInterest wrote:
| Exactly! Treating the good intentions of a seller as an opportunity for arbitrage is unethical.
| teeray wrote:
| If the resources weren't scarce, this article wouldn't exist.
| kube-system wrote:
| I never said they weren't. I am saying that Adafruit is not playing economics. They're kicking bulls out of their china shop.
| [deleted]
| mfringel wrote:
| My preferred method is overly broad rhetorical questions that add nothing to the conversation. Also, spatula.
|
| Yours?
| shkkmo wrote:
| There are many ways to ration scarce resources. Each method serves different goals so different methods are appropriate in different contexts.
|
| Here's an incomplete list of common tools:
|
| 0) fitness judgement (e.g. grants, scholarships etc)
|
| 1) First come first serve (e.g. most product launches)
|
| 2) lottery (e.g. grand canyon rafting permits)
|
| 3) auction (e.g. broadband spectrum)
|
| 4) third party speculators (e.g. scalping)
|
| You can often use several of these methods simultaneously, but if your goals include prioritizing egalitarian access to the scarce resource then #4 can significantly interfere with that goal. There's a reason you aren't allowed to resell grand canyon rafting permits.
| NextHendrix wrote:
| >grand canyon rafting permits
|
| Interesting, I had no idea.
|
| More info https://www.nps.gov/grca/planyourvisit/weightedlottery.htm
| shkkmo wrote:
| It's actually extremely relevant as the weighted lottery system for non-commercial permits was used to replace the prior system which was a first-come first-served waitlist. It's a great example of evaluating different methods of rationing access to a limited resource when the primary goal is not maximizing revenue or efficiently distributing resources for maximum economic production.
| jabroni_salad wrote:
| Are they actually scarce, though? Is it legitimate customers, or botted speculators, that create more demand? It seems to me that someone has realized the product is slow enough they can afford to just buy all of them to resell regardless of actual demand. I used to do this with glyphs in WoW and got a lot of hate mail for it. I was buying cheaper glyphs in such quantities that I would delete a good third of them due to warehousing capacity and was still making money reselling other peoples products, and even then I was not selling 100% of my stock. To me this means that demand was actually lower than what the market could bear if it weren't for me pinning it at 100% by buying literally everything. It's totally abusive but nobody can do anything about it.
| fmajid wrote:
| All official RPi resellers are required to sell them without forced add-ons, at the list price. The scalper bots are trying to arbitrage that.
|
| I think a CAPTCHA in the ordering process would make more sense.
| AussieWog93 wrote:
| >I think a CAPTCHA in the ordering process would make more sense.
|
| There was another thread here a while back where someone shared their experience writing sneaker scalping bots. Apparently, CAPTCHA tokens are valid for a minute or so, so this guy would solve heaps of them just before the form went live and cache the validation tokens.
|
| Then, when the form went live, the real humans who didn't have cached CAPTCHA tokens would be slowed down even more.
|
| Net result is that the botters ended up getting an even greater share of the supply than without CAPTCHAs.
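
An added example, not part of the thread: a server-side checkout gate that closes the token-caching gap described in the comment above by rejecting challenge tokens minted before the sale opened, binding them to a session, and making them single-use. The token format, `issue_token`, `CheckoutGate` and the timeline are hypothetical and constructed for illustration; they are not any CAPTCHA vendor's API.

```python
import hashlib
import hmac
import secrets

# Hypothetical token format for this example: "session|issued_at|nonce|hmac".
SECRET = secrets.token_bytes(32)   # server-side signing key, generated for the demo
MAX_AGE = 60                       # token lifetime in seconds ("a minute or so")


def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(session_id: str, now: int) -> str:
    """Minted after a challenge is solved; binds the result to a session and a time."""
    payload = f"{session_id}|{now}|{secrets.token_hex(8)}"
    return f"{payload}|{_sign(payload)}"


class CheckoutGate:
    """Decides whether a challenge token may be redeemed at checkout."""

    def __init__(self, sale_opens_at: int):
        self.sale_opens_at = sale_opens_at
        self._spent = set()          # nonces that were already redeemed

    def verify(self, token: str, session_id: str, now: int) -> str:
        parts = token.split("|")
        if len(parts) != 4:
            return "malformed"
        sid, issued_s, nonce, sig = parts
        expected = _sign("|".join(parts[:3]))
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return "bad-signature"
        issued = int(issued_s)       # safe: the signature covers this field
        if sid != session_id:
            return "wrong-session"   # token solved under another session
        if issued < self.sale_opens_at:
            return "pre-solved"      # solved before the form went live
        if now - issued > MAX_AGE:
            return "expired"
        if nonce in self._spent:
            return "replayed"
        self._spent.add(nonce)
        return "ok"


def demo():
    """Constructed timeline: the sale opens at t=1000 (seconds)."""
    opens = 1_000
    gate = CheckoutGate(sale_opens_at=opens)

    # A bot solves three challenges shortly before opening and caches the tokens.
    cached = [issue_token("bot-1", t) for t in (950, 960, 970)]
    results = [gate.verify(tok, "bot-1", opens) for tok in cached]

    # A person solves one challenge after opening and checks out.
    human = issue_token("human-7", 1_005)
    results.append(gate.verify(human, "human-7", 1_012))   # first use
    results.append(gate.verify(human, "human-7", 1_013))   # same token again
    results.append(gate.verify(human, "bot-1", 1_014))     # token moved to another session

    late = issue_token("human-9", 1_005)
    results.append(gate.verify(late, "human-9", 1_100))    # older than MAX_AGE

    forged = human[:-1] + ("0" if human[-1] != "0" else "1")
    results.append(gate.verify(forged, "human-7", 1_015))  # tampered signature
    return results


if __name__ == "__main__":
    print(demo())
```

With only the 60-second lifetime, all three cached tokens would still be accepted at t=1000; it is the comparison against `sale_opens_at` that rejects them.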
| folkhack wrote:
| > Apparently, CAPTCHA tokens are valid for a minute or so, so this guy would solve heaps of them just before the form went live and cache the validation tokens.
|
| I mean there's whole services like 2captcha that give you a 24/7 on-demand API for this, and for some of their offerings/solvers there are specifically real human robots on the other end doing the CAPTCHA.
|
| 2captcha works very very well to the point that CAPTCHA is a very much solved problem especially for the popular services like Google's reCAPTCHA.
| Scoundreller wrote:
| I wonder how much retail arbitrage is just leaks by the resellers themselves.
|
| But always better to blame scalpers. They can't defend themselves if they don't even exist.
| folkhack wrote:
| > retail arbitrage is just leaks by the resellers themselves
|
| Anecdotal, but IMO lots... just depends on the industry.
|
| It's a good situation for someone to come along and buy up some or all of your risk - especially for stuff like ticket sales. Many corporations like Ticketmaster design around this, and bake this part of the supply chain into their pricing/experience.
| bradly wrote:
| FWIW I missed reservations to a national park because I use Firefox and Google made me click traffic lights and buses for thirty seconds before being able to continue.
| dljsjr wrote:
| I guess you could call it market manipulation but it's more just resellers/scalpers trying to take advantage of the chip shortage. RPis have always been in high demand and often were backordered even when things were fine; now they're supply constrained enough that scalpers can buy up in bulk and resell at high markup, similar to the GPU aftermarket going on right now.
| jason-phillips wrote:
| Yes, in many industries.
| vmception wrote:
| What Adidas did was release 30,000 NFTs and require proof of current possession of one of the NFTs (colloquially called 'ownership', just hoping to avoid a semantics discussion) to gain access to the purchase of some new merchandise.
|
| If bots were not in the sale then they will not be able to purchase the merchandise. Bots can purchase one of the NFTs from someone else usually at a premium, to participate. The bot developer needs to do some additional coding.
|
| In any case, the merchandise buyers now get to feel like it's more fair, even with the presence of potential bots buyers, since a stake was placed. The market has priced the NFTs based on how much they think the subsequent merchandise will resale for. Currently these are worth $4,300 and Adidas initially sold them for $800 and at least $84,000,000 in volume over 4 months.
|
| Adidas gets the proceeds of the initial NFT sale, a commission from the NFT resales ("royalties"), as well as the proceeds from selling the merchandise.
|
| It's a form of an additional factor.
| shkkmo wrote:
| I sure hope more companies don't adopt this sort of gatekeeping, that sounds awful for the people who actually want to wear the shoes and great for the speculators who are abusing that demand to make money.
|
| If you have limited runs that you want to sell fairly and maximize profit on, why not just do a regular auction?
| vmception wrote:
| I think what you're missing is that Adidas and many streetwear companies have already gone decades without acknowledging that their purchasers for certain merchandise are scalpers and speculators.
|
| It's a massive scene that has grown by orders of magnitude over the last decade like many other scenes.
|
| The only thing new here is that adidas finally acknowledged it.
| shkkmo wrote:
| I'm not missing that fact. I think that NFTs are a bad, customer hostile solution to that problem.
| vmception wrote: | It's more of a byproduct of a marketing push than an | attempt at a solution. | | I didn't say Adidas did this _because_ of a problem, they | did this for fun. The problem is also distorted due to | it. | | In the context of Adafruit's issue, the same model would | have a result a bit more different than a one-time- | password implementation. | shkkmo wrote: | > It's more of a byproduct of a marketing push than an | attempt at a solution. | | > I didn't say Adidas did this because of a problem, they | did this for fun. | | This, I absolutely agree with. | | > In the context of Adafruit's issue, the same model | would have a result a bit more different than a one-time- | password implementation. | | Adafruit is trying to keep access affordable, so the | Adidas model isn't appropriate to their goals. | vmception wrote: | mmm yeah forgot that was one of the purposes of the | Raspberry Pi, I just noticed that the 4's are too good | | and they noticed it too apparently | criddell wrote: | What you call _gatekeeping_, Adidas would probably call | _price discovery_. | shkkmo wrote: | An auction seems like a much simpler way to do price | discovery without excluding that part of your customer base | that doesn't know how to use an NFT (or doesn't want to.) | | Edit: The market is for the NFTs, not for the shoes | themselves. It isn't clear to me how Adidas is able to | separate demand for the shoes themselves from speculative | interest in making money off of the NFT. Markets can indeed | be great price discovery mechanisms, but rampant | speculation can significantly tarnish the effectiveness of | that mechanism because the pricing can become more | dependent of the market's understanding of demand rather | than on the demand itself. | vmception wrote: | > The market is for the NFTs, not for the shoes | themselves.
It isn't clear to me how Adidas is able to | separate demand for the shoes themselves from speculative | interest in making money off of the NFT. | | The real question is why assume that was a goal? | | Adidas and many companies don't raise the MSRP | specifically because they know they have a price | sensitive audience and reputation. This gives them | plausible deniability, the ability to sell an additional | product and financial exposure to the volume in the | secondary market anyway. | shkkmo wrote: | > The real question is why assume that was a goal? | | I didn't assume that. I was disputing an assertion that | "price discovery" was the goal and that somehow made this | not "gatekeeping". | vmception wrote: | and so do I | | Glad to see mechanisms for the primary seller to accrue | value from the secondary market. | kelnos wrote: | I don't think it's ever "fair" when bots buy scarce things that | humans want. (Assuming, here, that the bot owners are buying | for speculation, and not for personal use. I think it's a | little more grey, but more or less ok, when an individual | writes a bot so they can snag a single unit of something that | they want.) Putting the sale behind NFT possession (where a bot | could purchase the NFT in the first place) doesn't really | change anything. | | Adidas' NFT scheme just acts to inflate the price, which is | probably fine for a limited luxury good; certainly Adidas would | rather capture more value per sale than leave that value to | speculators/resellers. But for something like a Raspberry Pi, | an end-user being able to acquire one for $35 is a key part of | its appeal. If they're "bid" up to several hundred dollars | through this auction-like NFT scheme, that defeats the purpose.
| | While I'm not sure 2FA is the most effective way to weed out | bots (maybe it is, I don't know), I think it's perfectly | reasonable to try to set up a marketplace where all buyers are | individuals who are buying the product for their own use, and | aren't scalpers/speculators. These latter sorts of people are | just parasites and usually provide no real value. | tuxoko wrote: | How does it change anything other than Adidas getting the | profit of inflated price? And if Adidas has an idea of what the | resale price would look like to price their NFT, why don't they | just price that into the shoes themselves? | vmception wrote: | Adidas and many companies don't raise the MSRP specifically | because they know they have a price sensitive audience and | reputation. This gives them plausible deniability about the | real demand and more accurate market based pricing, the | ability to sell an additional product and financial exposure | to the volume in the secondary market anyway. | | Correct, they get to profit off the inflated price, and they | finally get to acknowledge their speculator purchasers who | they've been ignoring for decades. The speculator purchasers | feel like they have a more even playing field. | advisedwang wrote: | What stops automation of grabbing the initial NFT release? | vmception wrote: | Nothing and that wasn't the goal, current owners of the NFT | can also develop bots for when the merchandise is released | for purchase. It just limits the size of the participant | pool, how many bots are being competed against and shows what | those bot owners would be willing to pay for access because | of what they think they can resell the merchandise for. | | Adidas previously never had exposure to the secondary market | of its goods, now it does and it also discovers the price at | which people want to buy and sell at. Individuals can attempt | to buy NFTs from the bot owner, the bot owner _might_ have a | price.
If they do, the individual gets the NFT and can buy | the merch. In all scenarios, Adidas makes some commission. | lagrange77 wrote: | Maybe these are just some pitiful injured robots, trying to get | hold of some spare parts for self repair. :'( | charcircuit wrote: | If you want to prevent scalpers just sell the new units that come | into stock in a reverse auction. Start the price at $500 and | lower the price by a dollar every minute. Once all of the stock | is sold out you charge everyone the price the last unit was sold | for. | | In this system bots don't have an advantage over humans. Humans | can preinput what they are willing to pay and there will be no | race against bots like what you see here. | snapetom wrote: | For anyone confused in setting this up, the App is Twilio Authy | in the Apple App Store. The logo in the app store has little | contrast and the Adafruit blog post just calls it "Authy" which | returns dozens of 2FA apps. | cheeze wrote: | It's just oauth totp. You can use whatever 2fa authenticator | you want. I like the one built into BitWarden personally. | | Authy works fine too (there is a good authenticator app that is | actually called Authy) | Izkata wrote: | > and the Adafruit blog post just calls it "Authy" | | Twilio acquired Authy in 2015, but didn't put their brand on it | until a year or two ago, so a lot of people just call it | "Authy" out of habit/without knowing Twilio owns it. | azinman2 wrote: | You can use any 2FA app such as 1Password | atlgator wrote: | Is there a particular use case making the Pi 4 so in demand? | ohyeshedid wrote: | *OTP isn't much of a barrier. SMS would've increased the cost a | little more. Both easily automated. I know retailers are trying | to fight the tide, but they're going to need more than teacups. | alexk307 wrote: | Good. Supply is so limited right now, but everyone should be able | to get one at MSRP if they want one. 
The whole goal of the Pi | project is to make computers affordable to enable learning and | prototyping. I pre-ordered a Pi 4 about 3 months ago, and I | should receive it this week if I'm lucky. | avian wrote: | > The whole goal of the Pi project is to make computers | affordable to enable learning and prototyping | | Is it still though? They have been pushing into various | industrial and commercial markets. There was talk about | Raspberry Pi Trading planning an IPO this year [1]. | | There are companies now that are basing their entire product | lines around Raspberry Pi's Compute Modules. This then drives | demand for other Raspberry Pi products as well. When you're | deeply invested into that ecosystem you also need Pi 3s and 4s | for builds, testing, development, etc. | | [1] https://news.ycombinator.com/item?id=29392649 | samwillis wrote: | An IPO of Raspberry Pi Trading Ltd would unlock a lot of | funds for the Raspberry Pi Foundation which could be | reinvested into further educational activities. It's probably | a good move for the original mission of the foundation. | deadbunny wrote: | Isn't this how we end up with another Mozilla? No way to | support the nonprofit and the company keeps doing stupid | shit. | folkhack wrote: | > An IPO of Raspberry Pi Trading Ltd would unlock a lot of | funds | | It would also make every decision that the company makes | from here going forward one of fiduciary responsibility to | the shareholders. For a project rooted in affordable open- | source hardware/software that's a major conflict of | interest. | | I get that "Raspberry Pi (Trading) Ltd" is not the | Raspberry Pi Foundation, but it is wholly owned by the | foundation as a subsidiary. IMO, it'd be of major concern | if any RPI business entities went public. | skybrian wrote: | As long as the company can make a reasonable argument | that it's in the long term interest of shareholders, they | can do all sorts of things.
It just has to be a | reasonable business expense. | nothasan wrote: | Pretty easy to automate this | bradly wrote: | Maybe now is a good time to sell all my Pi's I bought | throughout the years with good intentions of building something | one day. | largbae wrote: | Indeed. Once you start, you won't stop | NowhereMan wrote: | Looks like you can use OATH TOTP, which can be easily automated. | I don't understand how this is an effective countermeasure | against bots. | samwillis wrote: | This adds friction to the process of automating the buying | process. Preventing bots is an endless cat and mouse game, | every protection you put in place will be circumvented | eventually. You just have to keep changing tactics and adding | new layers. That's what they are doing here. | | Realistically the best protection that they could put in place | is a rate/qty limit on the credit card being used. It can still | be automated by using stolen cards, or one of the services that | instantly creates new card numbers for you. But again it adds | friction. | | Also limiting the number of orders to delivery addresses would | be an easy mitigation. | | It wouldn't surprise me if they are doing both of those already | though. | wyager wrote: | This seems like an especially trivial-to-bypass mitigation. | kube-system wrote: | Maybe, but it's also just a good idea to do anyway, so | might as well. | samwillis wrote: | It may be "trivial" to someone with a high level of | expertise. But the number of moving parts required in that | automation does add a significant barrier to most of the | "script kiddies" that are using bots. | | You still need to automate account creation and setting up | of a TOTP token, that's not "easy" for a lot of people. | spookthesunset wrote: | Like the poster said, it's whack-a-mole. | | These trivial mitigations at least filter out low-effort | script kiddies.
People gaming the system "for real" will | put incredible effort into getting around your | countermeasures. You always have to be one step ahead of | them. | azinman2 wrote: | What would you suggest? | nomel wrote: | Low device limit per phone number/payment card, with the | standard checks for VOIP would probably make things | painful enough for most. Heck, outsource the bot checking | and require a Facebook/Gmail/Apple/Twitter/whatever | login. Intrusive as heck, but it works relatively well | since those companies have already whacked a million | moles. | [deleted] | udia wrote: | I agree, 2FA seems unrelated to stopping bots. It really seems | like some form of rate limiting and captcha should have been | used instead. | cft wrote: | https://2captcha.com/ | kube-system wrote: | I love the "workers banned" stat. It's bots all the way | down. | gaius_baltar wrote: | > $0.50 for 1-2 hours, depending on service load. | | Where in the world do they plan to hire people for these | rates? | | In India, the country with the lowest Big Mac Index as in | [1], it would take 6.48h for the human-bot to pay for a Big | Mac. And this excludes energy and internet bills and money | transfer fees. The numbers just don't work. | | [1] https://en.wikipedia.org/wiki/Big_Mac_Index#Figures | londons_explore wrote: | Perhaps for buying a ras-pi specifically, they'll require SMS | verification. | | SMS is hard to create large numbers of fake accounts because | getting access to large numbers of phone numbers that aren't | all in the same block is pretty hard. | colechristensen wrote: | A lot of bots are written by really unsophisticated people | though, often just following online guides. Raising the bar | lowers the number of adversaries. | | You can never eliminate the risk, but it's just one more point | of friction which is also a not-so-unreasonable speed bump to | enable for real users. | bbarnett wrote: | Maybe, but, no one gets my mobile number, not my bank, no | one.
| | It's not in my name, I pay cash for it, I share my contacts | with no one, etc. | | I won't have it linked to me, and with how you can so readily | be location tracked when someone knows your number, I am | astonished so many people give it out. | | So there goes the easiest 2fa.... | kube-system wrote: | How is that related to this? | | OATH/TOTP does not need your mobile number. It only needs | the current time, a secret, and an SHA/HMAC function. | | There's no phone number involved. | throwaway81523 wrote: | Do you mean SMS? I don't see a requirement that you use | that. Yeah, that would be a pain. My SMS goes to a voip | number that emails me the message, and that works most of | the time, but a few jerky sites reject it. I just figured | that the 2fa slows down requests to 2 per minute or | whatever, the speed of TOTP codes changing. | | I also don't know what a verified account is. If it's just | email-confirmed then yeah, that is trivial. If it is a | payment card that worked, or even further a shipping | address that worked, that can be more annoying to game. | | I had thought that it was only the Pi Zero series that had | strict quantity limits, and that people were supposed to be | able to buy lots of 4's if they wanted to. | | Also, for most users (not all) there isn't really a | pressing need for a 4, since the 400 has been plentiful and | is basically a 4 in a different form factor, with an | attached keyboard. I figured if I wanted a 4 before they | became available again, I'd just get a 400. What I really | want is some more Zeros and Zero W's, but I think those are | both being replaced by the more power hungry and expensive | Zero W2. | colechristensen wrote: | Other people share your contact though, unless you | exclusively associate with people equally paranoid. 
You | simply can't have an anonymous phone number these days | unless you actively switch numbers all the time which if | you get accused of something will be used as evidence | against you. | loceng wrote: | And how might voice recognition play into this too? If | you're not easily identified then you may draw more | attention and more effort spent to determine who you are. | bbarnett wrote: | I have a voip number forwarded for incoming. I have no | caller id for outgoing. | | Thus, even with google having my name linked to a number, | it does not link to my cell phone. | | Reply to comment below: | | No one gets my real mobile number, so that is solved. | | Why would I care if my VOIP number is in address books. | That's the point of it, and why I have it | | I'm not trying to hide from the government, I am | preventing Google, FB, etc from linking my mobile to me, | and preventing random people from tracking my location, | which is trivial when they know your mobile number. | giantrobot wrote: | It only takes one contact to have your real number in | your name, or even better also associated with your VoIP | number in their address book, to lose your "anonymity". | izzygonzalez wrote: | That was my thought. The value of a piece of metadata is | inherent in its context as a node within a network. You | might have disparate pieces of information about a group | of people, but weighing their connections by | similarity/proximity/etc. allows you to develop | assumptions about individuals, even if all you know is | their phone number and who had that phone number in their | contact list. | | Specifically, from the point of view of network analysis, | a missing or unknown node becomes suspect when various | connections point to it. In the era of high | connectedness, that seems like kicking a goal on your own | team if you're playing the "be anonymous" game. | multjoy wrote: | Your VOIP number can be resolved to your mobile number. | Your cell provider has the link. 
| | You withholding your caller ID only hides it from the | receiving handset, it doesn't disguise it from the | network. | getcrunk wrote: | If you host your own pbx, you can consider it as a proxy | to your cell phone, and even do it over vpn. You can't | track that further than the pbx server ip | colechristensen wrote: | Then why do you care? Get another forwarded number for | giving out. | 7402 wrote: | Actually, they don't allow new use of SMS verification. | [deleted] | nextaccountic wrote: | Get another phone number, get a phone with dual sim, | disable this sim card and only enable to answer 2FA queries | swiftcoder wrote: | Unless you cycle across town every time you swap SIMs, I | don't think this will help much. Just the fact that those | two SIMs ping the same cell towers is enough for a bunch | of data aggregators to correlate the numbers back to the | same person. | bbarnett wrote: | Plus, IMEIs are often sequential, and can be queried | (like a mac address) in a DB. This helps prevent theft. | | So they have one IMEI, they have all for that phone. | bbarnett wrote: | 2FA is not even remotely secure via sms, as shown 100 | times over. The only reason google loves it so much, is | it links your real life name to your accounts. | littlestymaar wrote: | You'll probably be interested by this other article[1] on | the front page of HN today, but you're not going to like | it. | | [1]: https://news.ycombinator.com/item?id=30765223 | Terry_Roll wrote: | You don't need to hand over your mobile number, just get a | raspberrypi, install freeswitch and sign up to a free voip | number which happens to be in the range of numbers used by | mobile phone operators. https://www.sipgatebasic.co.uk/ | | I really don't know how they think they can use 2FA to stop | all but the most basic of bots from buying up rpi's. | bbarnett wrote: | I have SMS capable voip numbers, and also ones ported | from old phones. Many 2fa services have a db of these, | and refused to send.
| esoterae wrote: | Easiest to pwn 2FA | evan_ wrote: | You're misreading, you have to "verify" your account first as | well as set up MFA. | | Verifying just consists of confirming your email via a one-time | token. Setting up MFA presumably just makes sure there's no | impetus to hack a bunch of old accounts. | adolph wrote: | Adafruit does have stock of Pi Zero WH in the form of Google AIY | vision kit. Kinda spendy for what it is tho. | | https://www.adafruit.com/product/3780 | Seattle3503 wrote: | I'm surprised they didn't require Phone # verification given the | issue they are having. ___________________________________________________________________ (page generated 2022-03-22 23:00 UTC)