 Reminder: COLDCARD is not open source.

#cybersecgirl #coldcard #opensourse

Open source encourages competition, and furthers development.

Open source is a foundational principle of bitcoin and the #cypherpunk movement...FOR A REASON.

Years ago if you tried creating a wallet that was not open source, you would have been laughed out of the marketplace.

Some history:

#Trezor created the first hardware wallet and released their code as open source under the GNU General Public License (GPL). 

The GPL allows others to use, modify, and distribute derivative works, as long as the license terms are maintained. 

#CoinKite used a significant amount of Trezor's code as a base for ColdCard, which they also had to release under the GPL. 

Similarly, #Foundation (a new competitor) built upon CoinKite's work for their own hardware wallet. 

This is the power of open source - it drives innovation through sharing and building upon others' work.

However, CoinKite was apparently so unhappy about this competition that they changed their license from "open source" to "source-viewable." 

They did this only after Foundation competed with ColdCard in the same way CoinKite competed with Trezor.

Open source matters.

I hope Coinkite reconsiders. 

https://image.nostr.build/c1c5ef6fe46db74c244ac7d47bfc2af68b0062467afdbe46a0dd75fbac0d7a12.jpg

https://image.nostr.build/4198294c1d14280261bcbf286f08799dcff5a6cd046df450589d897c3d530847.jpg

https://github.com/Coldcard/firmware/blob/master/COPYING-CC 
 They also openly shit on other open source projects because they believe them to be competitors. Scummy business like that is why I won't touch one with a 20-foot pole or recommend them to anyone. 
 Full disclosure: I sometimes have to use some software and ofc hardware that is not open source. It's the intention behind this move that makes me lose respect. 
 I mean, generally speaking, it's kind of hard to use everything open source because sometimes the software just doesn't exist or the hardware. Even I use non-open source software and hardware.

I've always really wanted to respect that company for being innovators in the space and doing things that I think are legitimately good for Bitcoin. But the way they act on several social media platforms and their overall business practices like this make me unable to advocate for them.  
 🎯 
 Honest question, albeit slightly off topic: If you could buy a very expensive laptop with an open source CPU, would you be interested?

MNT's FPGA-based CPU caught my attention a while back, and I don't have any income, so $1600-2600 for just the CPU is steep for my blood, but I'm curious to get your take.

More info here: https://mntre.com/media/reform_md/2022-09-29-rkx7-showcase.html 
 Absofuckinglutely. But to be real, daily driving would come down to reasonable performance vs pain in the ass compatibility/performance issues. Checking it out now 🤙🔥 
 btw: It is a lot harder to verify open hardware for integrity than software 
 Depends on your expertise ;) 
 of course you're right, but not everyone can x-ray chips and etch away layers at home 😁

maybe I'm a bit over the top here too. 
 Oooh yeah 🤤🤤🤤🤤 
 you should distinguish people from services, evaluate work, not opinions 
 this is a correct opinion 
 Yeah that's to put it politely. Foundation did a way better job and NVK has become one sour little girl and shits on others all the time.  
 So use a @SeedSigner 
 💯, or an airgapped vm. #QubesOS works nicely for this. 
 Did you use a SeedSigner before ava? 
 Yes 
 For me the usability has beaten everything previously used with regular parts 
 probably wise to not trust 1 use case but rather use a combination (without complicating it) to form your quorum.  
 Friendly reminder that coldcard and @NVK is ass 
  @NVK has thoughts. 😅

For me personally, after talking to LOTS of bitcoiners who are deeply technical and very committed to open source AND still will only use a Coldcard, I'm never going to use anything else. 

Call it social heuristics if you want, but I guarantee that 99.9% of bitcoiners (me included) have no idea how complicated it is to keep keys properly secure. If "verifiable source" is the tradeoff required, so be it.  
 What? You can use Trezor, which is proper open source, to secure your keys. No tradeoff is needed in this regard. 
 It is written there already. Use Trezor, the real open source hw wallet. 
 With easily available tools you can extract keys from a trezor one in minutes, this attack has been publicly demonstrated many times. https://m.youtube.com/watch?v=Y1OBIGslgGM 
 You can do the same with Coldcard, it's just not published because of NDAs. 
 "I" can't, can you? If yes then how?  
 So use passphrases and/or upgrade to a safe 3 or 5. 
 Totally agreed with you! Keys segregation and “almost trusted” hardware are a very complicated topics! 
 Without the “a” logically 🤣 
 I think it is a dick move, which has nothing to do with security. 
 Well, this post of yours will likely start a flamewar, but I’m on the side of you with ColdCard, primarily because it’s Bitcoin-only. “Open Source” means a lot of things, and I think it shouldn’t be exclusive to the GPL3 purist language. But the Bitcoin-only focus of ColdCard means it won’t try catering to the real fraudsters, the cryptobros. Hence, better security, EVEN IF there’s some level of code obscurity with ColdCard.

Besides, ColdCard’s documentation is top notch in my book. 
 "Open source" has had a commonly accepted definition since at least the mid 90s when I started working with it. It's mostly non-developers (and NVK) that are confused about this

There are plenty more FOSS licenses than GPL3, which is actually quite unpopular. MIT and Apache are the most used by far and provide users with maximum freedom 
 the most secure way is to build a hw wallet by yourself by drawing schematics doing layout writing fw doing tons of debug then you can sleep like a baby. but life is too short. it's impossible for 99.99 
 I don't care what wallet you use as long as it's a part of a multisig setup where other keys are stored on a different vendor's hw 😉 
 >"If "verifiable source" is the tradeoff required, so be it." 
How are you equating a company telling you, in order to have a secure device we will not be sharing the source code? 

Aren't you just accepting the "trust me bro" attitude, because the company told you it's more secure if they don't share the code?  
 yeah, i'm not using a device with closed source to handle my money... none of the rest of my software except my Intellij based IDE is closed source 
 this comment misses the point entirely 
 I’ve been using Coldcard for some time now, switched over to Jade. 
 Similar story here but was using ledger. Switched over to Jade, @Keystone and @BitBox using multisig rn. 
 Nvk talked about this. They were fully open source before and another company took their code and rebuilt a wallet from it. So now it’s open source but with a limitation. You’re not allowed to build on top of it for profit. But an individual can take the code and use it to build their own wallet. Basically he doesn’t want people stealing his work and competing with his business. 
 He's using government violence to enforce bullshit copyright law which conflicts with the natural law. He's not an anarchist. 
 That’s correct he is using government violence to secure his business. I don’t agree with him because I think that coldcard is still superior than foundation’s passport and their reputation is not something you can steal. However, his stance is that government violence exists and it is used against others. So he is using it himself. What if Apple takes his source code and makes their own wallet. They didn’t do any work and just took his work and profited off it. Again I don’t agree but that likely would’ve happened with some large business at some point. Google and Microsoft do stuff like that all the time and the small developers can’t compete. So he is sort of trying to protect his business by evening the playing field. Again I don’t agree and don’t think he needs to do that but the code is available to be reviewed and the product quality isn’t changed because others can’t use the code for profit. 
 "Other people are stealing, so it's ok for me to steal" is not how morality works. I think you can use the Government defensively but only if that use doesn't infringe on natural rights.

Note that with a bit of creativity, he could still protect his business and stay moral. E.g. allow companies and individuals who are anarchists and act like anarchists to do whatever they want and disallow statists from using the code. So if Apple wanted to copy their code they'd have to publicly state they are anti-state and release all their patents and copyright. I doubt they'd do it for a few lines of wallet code but even if they did it'd be a massive win for freedom. 
 First I never said others are stealing so it’s okay for me to steal. Don’t misquote me.

Second, your statement about using government defensively is an oxymoron. The existence of government IS an infringement on natural rights. 
 You implied it.

You have a point that the very existence of government is an infringement. Unfortunately, it's not practical to ignore it completely. E.g. not use any roads. 
 And the cloners are using the government cantillionaire VC to leech from the commons. 
 Only saw your response now. You could just ban statists from using the code but allow anarchists. The statists are already using or agreeing with initiation of violence, so they already lost their natural rights. 
 that's bullshit.

the whole point of FOSS is that it empowers others to create something new.

"i don't want to empower others to create something that competes" is a shitty attitude.

See Matt Hill's recent interview on CD for the correct attitude.

nostr:nevent1qqswq3kff6d7g8tta2x3u8lm7apfw9vda2ny2g66qwjlukyv0c7vsyqprpmhxue69uhhyetvv9ujuumwdae8gtnnda3kjctvqgsqfjg4mth7uwp307nng3z2em3ep2pxnljczzezg8j7dhf58ha7ejgrqsqqqqqp3lluva 
 I understand the point of FOSS. I just explained NVK's position from what I remember hearing on a podcast. I never mentioned that I agree with him. 
 and I didn't say anything about you bro 🙄 
 The work they built upon and took a significant amount of code from Trezor. Did you even read the post you replied to? 
 I did read the post I replied to. I did not deny that they used Trezor's code. I just explained the reasoning NVK provided. What is the issue here? Relax. Idk why you're bringing up an issue from over a month ago lmao 
 Shameful corporate behavior.  
 I didn't know this! Thank you 
 YW. Most people don't 💜✊💜 
 Dang it I just got 2 of these for myself and my mom, learned how to use them and transferred everything over from Ledger😫 I’m going to have to stick with them for a while now. 
 You should be happy that you have these. Don't worry. There are always 2 sides to every story. Do more research then just reading these notes and I think you will be satisfied with your decision to buy Coldcard. 
 Recommendations for a truly open source signing device? I have cold card and bitbox, willing to pick up the next best thing 
 Foundation, waiting on the matte black edition 🔥

nostr:nevent1qqsf4kzxm4e3cphgzxtu2kd3qt9asp90ndtzqwm93wk4wwyt0kr24ycpp4mhxue69uhkummn9ekx7mqzyznqu70qakk4zqxh2sakd8j38k7pcgtsar5mwn7m36t34lg7pe5pxqcyqqqqqqgxaftjw 
 Also SeedSigner 
 both devices are great for signing.
no need for another device.

if you are interested in different signing devices (like me 😅) some recommendations:

seedsigner is a great diy signing device with great UX. I just love it.

passport is in my opinion the best looking device on the market with great features.

Blockstream's Jade is the cheapest device I have used 
 Seedsigner is great.

Buy one with sats direct. 
 @BitBox, Jade, @SeedSigner, @Trezor @Keystone 
 🤔 Ledger claims to know how to physically hack a Trezor. I guess they fix it now 
 love  @SeedSigner, want to try the satochip as well 
 I don't consider anything that's not open source usable for serious security.

Likewise, I don't consider the proliferation of proprietary secure elements to be usable for serious security.

On the other hand. Using closed source or secure elements in a government device may be acceptable. 

Because there's an expectation that the government has the keys, and it's not actually your device or your privacy..😊 
 I can't think of one device that is 100% open source hardware and software. Some part of it is always closed. 
 The Trezor Model T that I have is 100% open source to my understanding. But show me if I'm wrong.

#Tails with #Sparrow wallet is 100% open source. If you don't connect to the internet with it, and maybe even if you do with the Trezor Model T..🧡😊 
 Whether or not something is connected to the internet doesn't determine if it's open source or not. In the case of Tails, your USB drive is probably proprietary hardware, despite being able to flash open-source firmware onto it. 

I do believe that the Trezor Model T is 100% open source, but its overall security is another thing. It's also worth pointing out that the computer connected to it by USB could be running open-source software, but it's probably not on open hardware. You might find this interesting.
 
https://www.ledger.com/blog/Unfixable-Key-Extraction-Attack-on-Trezor 
 Seems like a good time to repost this.
nostr:nevent1qqsxw3v562wustyrn970s95mrm8ktujmv4dl6dsm3xpass0cfgrnd2cpr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0qgsyawyrzrttfmv4cmtx5w2m85702kdct7hv3amfrkhagpdf9cz46mgrqsqqqqqpwxfq9y 
 Help me understand @plebiANON 
 I’ll explain next time we chat. Too long for the nuances in a Nostr post. She is technically correct on the details. 
 2.2 days and counting. 
 Kind of too bad.  
 fuck that 
 I heard @NVK respond to this topic and I felt like it made a lot of sense. I'm not a programmer so my opinion in this doesn't really count. But as a ColdCard user of 3 different ColdCards along with Sparrow I can say that I love them all for what it's worth. I also take @ODELL and @MartyBent advice to heart and they are full thumbs up for NVK and the CoinKite team and their full line of products. 
 Wait what’s “source-viewable”? 
 Oh ! Really?! 🤡🤡 
 Ty for reposting this. 
 Read this:
nostr:nevent1qvzqqqqqqypzqn4csvgddd8djhrdv63etv7nea2ehp06aj8hdyw6l4q94yhq2htdqqsxw3v562wustyrn970s95mrm8ktujmv4dl6dsm3xpass0cfgrnd2camgn4k

Then see the owner, after having been found out, doubling down: 
nostr:nevent1qvzqqqqqqypzp6y2dy0f3kvc0jty2gwl7cqztas8qqmc5jrerqxuhw622qnc2pq3qqsg3u3qdkdnestsuvazpwfkszk34n3u5r5rr4hqh59f3n8h7tnpvgg98d0uk

Not nice.