1. Coldcard was FOSS and bootstrapped. nvk and Peter turned down interested VC investors.
2. Foundation cloned the code, announced slightly different hardware, and raised money from those same VCs pre-product.
3. Coldcard changed its software license to allow everything but that. It is no longer FOSS.

Coldcard source code is verifiable and reproducible. It can be modified and built but not sold. You can even add your own entropy during seed generation. I personally disagreed with their decision to change the license, but it does not change the security of the product. NVK is a friend. Coinkite is a sponsor of RHR. Ten31 is an investor in Coinkite. I have used and recommended their products before all of that, but transparency is important. I am personally grateful their team continues to build robust bitcoin hardware. My family relies on it.

Replies (33)

I use both products. Both have pros and cons. Don’t really care about the arguments back and forth. Both products would have zero value if it wasn’t the FOSS project that #Bitcoin is.
Coldcard used a Trezor library and built on top of it. Foundation built a Coldcard Mk3 in different clothing, advertised it as such, raised money pre-product on that premise, and accepted preorders for it before releasing their own code publicly.
Aside from the fact that they diverged significantly since then, forking the *exact same code* with no modification with different hardware is entirely permissible. Don't release firmware on a license you don't agree with in the first place, and don't make a fuss when people do things that are entirely permissible under that license. I don't care that they changed their license, but calling others "clones" is braindead and spineless.
Hrm, don’t really want to start this argument up again 😅 but SeedSigner has a lot more hardware risk than a ColdCard, except (perhaps) for targeted supply chain attacks. Because an SS is widely available off-the-shelf stuff, it has ‘herd safety’, whereas CC is obviously only for Bitcoin so has a clear incentive to be attacked. SeedSigner is also more closed hardware than the ColdCard is (RasPi is very closed), though neither is fully open: CC gives the schematic but the PCB layout is closed, Secure Elements are mega closed, and the ST microprocessor is also closed. Similarly, for the software risk, the ColdCard software stack is way, way fewer (orders of magnitude) lines of code than what’s in a SeedSigner, which AFAIK is running an entire Linux. CC firmware can be deterministically built, whereas SS can’t, and that might be tricky to achieve. So while both are great, they have slightly different security characteristics, and for *most people* the ColdCard comes out as the stronger option.
Fuck thank you. Clear and concise. My setup is simple and solid - Sparrow, Whirlpool, MK4. Or Samourai on an old Pixel 4a running CalyxOS, if I’m making purchases. I’m good with this.
The only reason they diverged since then is because Coldcard changed their license.

> Don't release firmware on a license you don't agree with in the first place, and don't make a fuss when people do things that are entirely permissible under that license.

I agree with this and personally do not think Coldcard should have changed their license, as I said in my original post and have publicly said in the past. Did not realize the term "cloned" carried such a negative connotation with some people. Will say "forking the exact same code with no modification" in the future.
Different topic, but I’m curious about your view on Wasabi coinjoins because you were using it a lot in the past. Are you still? Do you consider their coinjoins reliable? What’s your thought?
My thinking is, if I'm holding Bitcoin for my kids and grandkids, then I have more faith that a Linux computer with a camera and an open source OS like SS is more likely to be around than the special chip that is available in CC. I like that with SS the keys are physical by default. I know my wife is able to send to and from a multisig made with a ubiquitous RPi SeedSigner setup + BlueWallet. I'm not so sure she would be able to do the same with a Coldcard multisig. So I may just be using the word "risk" differently.
A quick response here, but first off I want to say I absolutely love @ODELL and have the utmost respect for him. Overall Matt confirms the points I made in my thread about CC being non-FOSS, but unfortunately uses the same harsh rhetoric of "cloning" as NVK does. An open-source project leveraging code from another open-source project to build a product that competes in the free market is not "cloning". Passport was created as an alternative that is easier to use and more approachable, but shared the (very solid) security model. When it comes to security, it's absurd to roll your own setup for no reason when a comprehensive and excellent security model already exists, and all credit to NVK for an excellent approach taken. Leveraging an open-source security model for a new product is just smart. Passport used this well-vetted security model and some of the code from CC to build a competing product with the aim of allowing more people to store their Bitcoin securely without all the technical barriers. That is not "cloning". One additional thought here: NVK initially leveraged code from Trezor and built a competing product that improved on a lot of the model Trezor had. I don't consider that cloning either, and wouldn't call it that. It's simply embracing FOSS and free markets. For more context you can refer to my original thread that prompted all of this.
Doesn't change the fact nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 is one of the most annoying podcast guests.
Also, your wallet has a distinguishing feature, QR code scanning, that CC lacks. Building upon open source code and making those improvements available to all is what it’s about; anything else invoking “open source” is a charade. #[2] hope you agree. You (NVK) can build a closed source, or “source verifiable”, model like Ledger or others, but don’t try to profit off of an ethos you don’t actually believe in.
Ryenski 2 years ago
Seed signer is extremely easy to use.
Whether you agree or disagree, what is the pro case for paying a lot more for a Foundation vs a Coldcard or Q1? Why is it worth such a large premium? Even tribal loyalty aside, Coinkite products are much cheaper and more proven (at least for now). All else equal, I’d rather go with a cheaper option.
Also, did Foundation pitch investors and (1) actively lie about where their code came from, (2) simply fail to disclose where it came from, or (3) be fully transparent about where the code came from? I think which of those they did makes a big difference. 1 or 2 are not a good look. 3 feels fairly reasonable.
Love my Coldcards and have no intention of replacing them, but I definitely won't be using Foundation devices.
Matt - Love everything you do for this space. 1. Why did you say clone vs fork? There is a distinction, AFAIK. 2. Was Coldcard's use of Trezor code a clone or a fork by your definition? I don't have a dog in the fight. We are where we are and we're all better off by way of competition.
Because I was searching for something on the bird app and came across this; didn't know he posted on Nostr. Either way, clearly Bitcoin didn't fix VCs (yet).
sneagan 2 years ago
I can’t find the Foundation dick move here. Investors wanted to fund a device. A team wanted to build a device. They got together and used the available tools to do it. “My license allowed this but I’m mad it happened” is silly. Preventing others in the community from profiting off your public work is bad. If anyone is wrong it’s the Coldcard team.