zaytun on Nostr: qna I listened to a #ungovernablemisfits episode recently where you commented on ...
qna (npub15c8…ssvx) I listened to a #ungovernablemisfits episode recently where you commented on #coldcard vs #passport.
Your main critique was coldcard not being FOSS. As and end user, I really dont see why this is such a big deal as long as the code is verifiable. I don't really care that NVK (npub1az9…m8y8) wants to make sure people dont steal his codebase and profits from it. All I care about is my sleep at night, really.
As an example, iMessage is closed source obviously, so thats why I dont use it as a messaging service, I prefer Signal. On a graphene phone, preferably. But say I was invited into Apple to verify the code and it turns out I can personally verify that its end to end encrypted and no backdoors yada yada.
In that case, I might use it to send my mom a txt saying I'll be over for dinner. Even though its fully closed source! All I care about is making sure only my mom can read that highly confidential message.
Taking the #FOSS argument away, would you say Coinkite has done an impressive job at thinking adversarially enough when creating the Coldcard? To an extent that it would be recommendable?
And second question, what would you say npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8s (npub1az9…8y8s) critique of Passport would be, if any, and what makes those points irrelevant enough to make you highly recommend Passport?
Looking forward to learning a bit here and maybe help others who see this post in choosing good #multi-sig vendors.
As a final note, I could go for a coldcard Q4, a passport and a #seedsigner for a multi sig setup.
Thoughts?
NVK will probably critizise the rpi, I hope you'll pitch in with knowledge on this to switch the seedsigner out with something else, Nvk, if you think its unsafe.
Your main critique was coldcard not being FOSS. As and end user, I really dont see why this is such a big deal as long as the code is verifiable. I don't really care that NVK (npub1az9…m8y8) wants to make sure people dont steal his codebase and profits from it. All I care about is my sleep at night, really.
As an example, iMessage is closed source obviously, so thats why I dont use it as a messaging service, I prefer Signal. On a graphene phone, preferably. But say I was invited into Apple to verify the code and it turns out I can personally verify that its end to end encrypted and no backdoors yada yada.
In that case, I might use it to send my mom a txt saying I'll be over for dinner. Even though its fully closed source! All I care about is making sure only my mom can read that highly confidential message.
Taking the #FOSS argument away, would you say Coinkite has done an impressive job at thinking adversarially enough when creating the Coldcard? To an extent that it would be recommendable?
And second question, what would you say npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8s (npub1az9…8y8s) critique of Passport would be, if any, and what makes those points irrelevant enough to make you highly recommend Passport?
Looking forward to learning a bit here and maybe help others who see this post in choosing good #multi-sig vendors.
As a final note, I could go for a coldcard Q4, a passport and a #seedsigner for a multi sig setup.
Thoughts?
NVK will probably critizise the rpi, I hope you'll pitch in with knowledge on this to switch the seedsigner out with something else, Nvk, if you think its unsafe.