Oddbean new post about login | logout It's incredible to see people pretend that coinkite & primal actually innovated on something. They're window dressing to piggy back off others' work, just really good at marketing.
Bitcoin (and nostr?) made permissionlessness great again Unfortunately, companies in the space are the obvious target to "turncoat" (personally, not a fan of coinkite terms... Haven't checked recently, but last time I did, there was AML terms in there)
what is there to pretend? coinkite was the first hardware wallet that offered complete airgapped functionality using secure elements even the industrial design and packaging is thoughtful compared to the other participants in the market. Innovation doesn't only reside on the PCB. if anything, Coldcard is overkill -- bitcoiner paranoia is second-to-none
Secure elements are only beneficial because of the stateheld nature & airgapping with SD card isn't much different than USB. The real innovation in PSBT was doing it through QR. ALOT of people who own a CC end up plugging in via USB btw.
To achieve the same security assurances as QR you would need to use a new SD card for each & every transaction. This has already been admitted by NVK btw.
Then we have the walk of shame... nostr:nevent1qqs0cygkjf3ru9sgk9uz598akwdnt67uan7kk7kvjy277x6fupu6rdqpz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzpc3xpfa0xwem5vq8gygug4ne8nh4354tg0zevk7mke2ljruh8xdvqvzqqqqqqy5ruwp6
PSBTs off QR codes is a hack, look no further than the rolling QR Codes for multi-sig. if you really dig into it with a tinfoil hat, passing PSBTs off SD cards is actually safer -- less dependencies at the end of the day, no different than USB? what interface do you think your camera runs off of? another innovation you don't see elsewhere? NFC that you can turn off physically I don't even have a cold card 🤣 I give props because it is deserved.
I see where your head is at but I think you're wrong about this. Trezor doesn't get it's due bc they supported shitcoin firmwares, but all they did was add SD card support. I haven't seen a single person get pwned using the Trezor suite of products. QR is a huge innovation and you know it, but I think you're taking this stance as you don't seem to care about the FOSS aspect - correct me if I'm wrong but that's my hunch.
I hope you also realize the vulnerabilies that they left their customers open to. These great innovators. You talk about multisig ... https://image.nostr.build/436524bf19f17e8468fb5df0f3995ed55f47ece63fec9b5c13f7940fe1ab8194.jpg
No, you're wrong about this. Trezor and Coldcard are very different things if you get down to the physical design. Trezor getting pwned -- https://www.youtube.com/watch?v=dT9y-KQbqi4 QR is a hack. No hate, I use it everyday I do care about the FOSS aspect, not my business though
They can literally do this with every HWW. Which already happened with the mk2 as I showed you. And mk1. You're so salty it hurts.
Why do you think MK4 has two SEcure elements now? Because one was safe enough? It's a never ending rabbit hole of close source stuff. I prefer stateless & QR. Or USB and wipe. You can repeat your garbage about QR & conveniently talk about NFC being able to be neutered...but you can't take away from the security benefits. Sorry kid,
so your threat model is less severe, happy for you
My threat model takes into account people who act like experts but aren't. https://bitbox.swiss/blog/coldcard-isolation-bypass/
Vulnerable AF, this wouldn't be acceptable if any other "brand" has this going after so many years in biz. They didn't pay a single bounty, fuggin shady fucks. nostr:nevent1qqspmv5g2na728re2xwvs0arga8cmtuhjy7mgsfayjcrcxmwjprfgqspzamhxue69uhkummnw3ezuendwsh8w6t69e3xj7szyr3zvzn67vanhgcqwsg3c3t8j080trf2ks79jedahdj4ly8ewwv6cqcyqqqqqqg7m0ugn
