Replies (60)
FUCK COIN KITE! SHADY BUSINESS PRACTICES AND CLOSED SOURCE, GG
It's got a license that stops others profiting off it or something. The code is observable.
nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 is probably sick to the gills explaining this, but I'm going to tag him for posterity.
It was OS, now it's not.
Those blindly recommending it sometimes have too much referral incentive, i.e. most of the podcast hosts. It makes it a closed bubble. And I don't like bubbles after I got out of the last giant one!!
You should look into the others. Ones without supply chain risks too.
Especially those that are FOSS licensed. Use many.
What is important about open source? Is it that others can review the code, or is it that others can profit off of the code? If it is the former, then ColdCard is fine. If it is the latter, then they don't allow others to use their code for profit.
The most spicy question in the hardware wallet space 🙃
- Trezor was the first hw wallet, kept the code open source (FOSS)
- Coinkite (Coldcard) reused parts of the code to ship their own products, kept the code open source (FOSS)
- Foundation came in, took parts of Coldcard code, shipped their own products
-> Coinkite didn't like it (market competition, and sense of fairness)
-> Coinkite switched their licenses to source-viewable only. Not FOSS anymore (not permitting unrestricted use for commercial purposes by others)
-> Lots of discussion about the tradeoffs for the future implications to the Bitcoin ecosystem.
Hadn't known this part of the story. Interesting.
AFAIK, it doesn't have the verifiable builds. Am I wrong?
It's not that simple.
The fact you can't use it for any business of your own seriously disincentivizes good people from taking long thorough looks.
With a real FOSS license you can fuck around and know that if something cool comes out of it you'll be free to use it.
With the CC's license you're restricted to the set of people who will donate their time to audit.
It makes a big difference.
I'd think anyone who has the capability to review it and is considering using a ColdCard to store their life savings would be pretty highly motivated to review it. Yes, that is a very small minority of folks, but it only takes one to sound an alarm.
I do take your point that having the option to use the code for your own for-profit project would very likely attract more folks to review it, though. That said, all the alarmism about it does not generally take that kind of nuanced approach from what I have seen. Indeed, you're the first person I have seen make that point.
Most of the time it's "OMG! ColdCard isn't open source!!?? How do we know they aren't going to rug pull us and steal all our money since there's no way to know what is running on their hardware!!??"
What was the last bubble? When you say use many does that mean separate your eggs in multiple baskets? Or are you able to hold the same eggs in different baskets like backups?
Yup. Copycat cloning for profit won’t work anymore for coldcard.
That said, it’s precisely this easy profit motive that eventually gets other companies to join the project and write code for it.
What's the difference between verifiable builds and reproducible builds? Instructions on how to build from source and get exactly the same bytes are included in the ReadMe.
Demanding FOSS with no exception makes the capital expenditure to assemble/deliver a physical wallet a daunting proposition... disincentivizes places like Coinkite from existing since it forces them into a race to do it the cheapest until the DIYer method just wins out with COTS options.
I can understand their decision to protect a portion of their code in the name of protecting the part of their business that assembles/delivers physical products.
What does GG mean?
Same, maybe I used the wrong words.
So you're saying we can build from source and use that as firmware on the cold card? If so, cool, thanks for informing me, I haven't had the time and motivation to verify yet.
So this means that Coinkite is open source in the sense that everyone can see and audit the code, but just not use it themselves for commercial purposes? So it’s at least on par with FOSS in that regard?
This is the nefarious inference point they're spamming to convince plebs this is okay.
It's not, and it's dangerous to our future.
This is the inference point they're spamming to convince you to turn a cheek.
It's false and dangerous logic.
OG means Original Gangster
GG means Ghey Gangster
My bubble that I referred to was: tradfi investors are right, Bitcoin is not money, it's a scam and it's for (bad) drugs. In 2014, 15, 16, 17, 18 etc. 🤮🤮
Hence I'm staying out of bubbles. Some people call them echo chambers.
I meant: use many hardware devices, from different vendors/manufacturers, in your multisig cold wallet.
And perhaps have a few multisigs if you want to.
Ding!
I suppose I just don't have the answers 😵💫
NVK man, do what is right and change back to OSS.
You deserve to do right by the people, you're already filthy rich hopefully.
Do right by the people who got you here.
@ShiShi21m
Okay on second thought, this was the cop out response to avoid the crosshairs. But I should keep the discussion alive, it's valuable. This is Nostr.
I think there's a part of me that favors those that have done a lot of the heavy lifting for me - like Coinkite - because the convenience of their product is, at least at first glance, worth sacrificing that visibility into the code.
I can verify the dice roll algorithm.
I can never plug this thing in to anything, ever. Me likey.
I can transact cleanly.
I get the paranoid security that I think a lot of maxis look for.
So perhaps my brain is seeking to protect my peace in knowing that this avenue exists - I don't have to worry about recreating it myself. I'm giving up that last little bit of ownership of the design to this custodian, Coinkite, because in turn they give me something that I get warm fuzzies from.
But if I'm brave here, I can't help but submit that... were a great hardware list to exist... and the software was FOSS... there's nothing stopping me from being able to give myself what I'm given by my Coldcard.
Perhaps what I worry about - what I'm hesitating on - is the destruction of the enterprising incentive for such conveniences to be invented. I worry that if there's no promise of likely profit, would such hardware/software companion lists ever even be devised?
It's a leap of faith to trust that they would.

Perhaps I just need to learn to trust this community.
Cat Daddy - that's so on point!! And yes you can! Well said.
Once you have taken an hour or 2 to build your own SeedSigner (or Specter), a lot of those questions will be answered, with nuances. Aha moments. Quite fun too. Not even too techie.
Wade a bit deeper into the water. Good people here too.
I had no idea what a seedsigner is until this response. LOLing at myself, I should know better by now than to doubt that if it should exist - it either does or will with bitcoiners involved.
Thank you 🙇♂️
💯🫡
Sacrifice visibility into their code? It’s publicly available. Only commercializing their code is prohibited.
Stateless signing devices have a role.
Humans have been protecting physical secrets far longer than digital ones.
One day I'm gonna go more than 48 hours being fully satisfied with my bitcoin maxi setup.
Someday. But that is clearly not today.
What hww do you recommend then
I was just about to ask that. I want to try the Jade Plus
They built their market share on FOSS standard.
They sacrifice OSS developers from wanting to audit their code.
DAMN HUE
Any recommendations?
GOOD GAME
SeedSigner
SeedSigner
The SeedSigner is a no brainer addition to your tool kit.
Every Bitcoiner should make one.
BE SURE TO SNAP OFF THE WIFI COMPONENT OF YOUR R PI, IT IS TINY BUT EASY TO REMOVE
Is it frowned upon to not assemble it myself and buy the pre built one?
And now I'm building a seedsigner.
If you build it yourself you'll have fun, and it will be even more educational.
You'll also be getting the major benefit of having a device that you didn't order based on the word Bitcoin as all the parts came from generic sources.
Your T levels are already elevated just pondering such a build 🍆
Yep. Seedsigner for FOSS.
I got there, I flinched once but I got there.
The assembly isn't difficult. But to make assembly even easier, you can buy the pins pre-soldered, where you push/hammer them in. Those parts are listed on the SeedSigner website also.
Agree with ShiShi: buying a fully assembled one is fine from a trusted vendor, but it is quite interesting to assemble yourself.
I was thinking of upgrading to multisig for the first time with 1 SeedSigner and 2 hardware wallets.
Also, do some lurking in the SeSi Telegram group to further your knowledge of m-sig options first. And then consider either of the Jades, or either Passport will do you great. The newer Jade has a much better camera than the original Jade. Or combine with 2 SeedSigners. Remember it's seedless. And that's a mindshift...
🤣
They literally borrowed from Trezor first and renamed the code base to remove Trezor from it. Trezor called them out BTW.
Then get forked, and suddenly realized having a FOSS license means people can fork your shit, freak out, and close it up, shouting about "CLoNiNg" and "VC money"
At least foundation is still FOSS innit
i guess "simple" is a relative concept that depends on intelligence
lol 👍
Not sure that’s accurate. CC uses secure chip, Trezor doesn’t. Not sure the code could run on both platforms.
I’m not arguing against FOSS. I think in the long run it’s the only way stuff stays around and relevant. It’s really a question of building a runway and when to go FOSS with one’s product.
For typical enterprise software, configuring the software is the product and thus the software is born free. But for single purpose easy to use devices, there is no service to sell, just the device.
Agreed.
I’m turning my attention to Liana wallet for time locked utxos via taproot (think of a safe with a countdown timer), but looks like that wallet loses time locked transaction ability (think post dated personal bank checks).
I think a combo of locked outputs and not-yet-valid transactions has a role to play in my next security setup.
Time locks are very interesting, it breaks the $5 wrench attack without needing multisig.
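The two mechanisms the Liana post above contrasts, locked outputs and not-yet-valid transactions, as an added Python example that is not part of the thread or of Liana's own code: it models the consensus checks for an absolute script lock (OP_CHECKLOCKTIMEVERIFY, BIP65) and for a transaction-level nLockTime, with constructed heights and timestamps.

```python
# Added example, not from the thread or from Liana: models the consensus rules behind
# the two absolute time-lock mechanisms the post contrasts. Heights and times below
# are constructed sample values.
LOCKTIME_THRESHOLD = 500_000_000   # operands below this are block heights, at/above are unix times
SEQUENCE_FINAL = 0xFFFFFFFF        # an input with this nSequence disables nLockTime entirely


def locktime_kind(value: int) -> str:
    """nLockTime and the CLTV operand share one encoding: block height or unix time."""
    return "height" if value < LOCKTIME_THRESHOLD else "time"


def cltv_check(script_locktime: int, tx_nlocktime: int, input_sequence: int) -> bool:
    """A 'locked output': OP_CHECKLOCKTIMEVERIFY in the output's script (BIP65).

    CLTV never reads the clock itself; it only demands that the spending transaction
    commits to an nLockTime at least as large and of the same kind, and that nLockTime
    is actually enforced (the input's sequence must not be final).
    """
    if script_locktime < 0:
        return False
    if locktime_kind(script_locktime) != locktime_kind(tx_nlocktime):
        return False
    if script_locktime > tx_nlocktime:
        return False
    return input_sequence != SEQUENCE_FINAL


def tx_is_final(nlocktime: int, sequences: list[int], block_height: int, block_mtp: int) -> bool:
    """A 'not-yet-valid transaction': a pre-signed tx whose nLockTime lies in the future.

    Mirrors Bitcoin Core's IsFinalTx: a height lock must be strictly below the height of
    the block including the tx; a time lock strictly below that block's median time past
    (BIP113). nLockTime is ignored when every input carries SEQUENCE_FINAL.
    """
    if nlocktime == 0 or all(s == SEQUENCE_FINAL for s in sequences):
        return True
    reference = block_height if locktime_kind(nlocktime) == "height" else block_mtp
    return nlocktime < reference


def can_spend_locked_output(script_locktime: int, tx_nlocktime: int, input_sequence: int,
                            block_height: int, block_mtp: int) -> bool:
    """Both together: the script lock constrains nLockTime, and nLockTime constrains
    when the chain will accept the spending transaction."""
    return (cltv_check(script_locktime, tx_nlocktime, input_sequence)
            and tx_is_final(tx_nlocktime, [input_sequence], block_height, block_mtp))


if __name__ == "__main__":
    # Output locked until height 900000; the spending tx commits to that height.
    print(can_spend_locked_output(900_000, 900_000, 0xFFFFFFFE, 899_000, 0))  # False: too early
    print(can_spend_locked_output(900_000, 900_000, 0xFFFFFFFE, 900_001, 0))  # True
```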