Avatar
Seth For Privacy 2y ago

DIY hackable” and only “source available” 🥲

So what dev in their right mind will write and publish code/firmware for this locked behind a restrictive, source-available license? Do they expect someone else to make actual FOSS firmware?

Someone explain this paradox to me.

“Make it anything you want, you just can’t sell or monetize it in any way, ever”

I just… how is any of this in the spirit of Bitcoin or even simply encouraging proper innovation and a flourishing of ideas.

Pretty sure this is where Coinkite realizes the “find out” part of fucking around with restrictive, “source available” licenses instead of doing the right thing and actually leaning into freedom tech.

Reply to this note

Please Login to reply.

Discussion

Avatar
Nice and Kind Vic 2y ago

I liked the coldcard, but not getting the new device with keyboard for this very reason. If I cant charge for supporting it, or building something custom, I dont see the point in digging into it.

Relatedly I was opposed to start 9 until they finally open sourced their os last week.

Avatar
Seth For Privacy 2y ago

Open source is how we all win, source available is just about wielding the state to build regulatory moats. Pretty to sad to see from a company that’s been in the space this long.

Thankfully lots of good projects that actually care about open source freedom tech in the space 🙂

Avatar
kris 2y ago

Is there a decent resource of information for coldcards / signing devices / solutions that are truly open? A matrix / rating would be quite useful. I’ve recently started exploring procuring such solutions and have found it difficult to make a good decision on such items.

Avatar
Nice and Kind Vic 2y ago

Comes down to your specific wants and needs.

while walletscrutiny.com is a good starting resource for software reproducibility, to my knowledge there isnt one for hardware vs licenses and the features available.

i will continue to use coldcard as its affordable and no other devices offer its full feature set. yet.

if you dont need remote access as a HSM like coldcard offers when paired with ckbunker (99.9% of users dont), then consider the following:

- blockstream jade (simple device but unless setting up your own server for login to use it requires the blockstream server. sealed, MIT)

- trezor (open, but no secure element and private key retained on device. must use passphrase, sealed, MIT)

- seedsigner (open source software on top of general purpose hardware you acquire and assemble where chipset is neither open nor source available, must physically secure, unsealed, MIT)

- foundation devices passport (initially modeled after coldcard, catalyst for nvk license change, it offers the essentials for most use cases and improved privacy support with whirlpool, sealed, Apache/BSD/GPL/MIT)

sealed = physically sealed, tamper evident

Avatar
kris 2y ago

Ty Vic. That’s a super helpful and a thoughtful, well written reply to assist in my learning space currently.

I’m playing around with Trezor and Jade currently. I was plan on building out a seedsigner based device, but it is useful to state the chipset item in that use-case.

I was considering coldcard.

I just started playing around with Nunchuk and Jade this morning, with the intent of exploring multiple /layered hardware based keys.

What are your thoughts on the NFC cards from coinkite? Tap signer?

I just procured an sats card from coinkite. I think the technology on paper behind the sats is quite interesting and unique.

Overall I assume coinkite has contributed majorly in this space, despite the grumbling on the licensing approach, yes?

Cheers! Have a good day.

Avatar
kidwarp 2y ago

Is there something like this that is open source?

Avatar
Seth For Privacy 2y ago

This is just an ESP-32 with the wonky Q1 hardware shell around it.

Anyone can build simple ESP-32 hardware, I.e Jade, Bitaxe, and many other Bitcoin hardware projects!

It’s a very, very common platform.

In the whole announcement and paid blog post for Bitcoin Mag it has no clear goal or usage, it’s just an open platform that’s… not open lol

Avatar
kidwarp 2y ago

Ok lol thank you very much from your response I appreciate it.

Avatar
Knightstr 2y ago

What would you recommend? Coldcard, jade, foundation? What do you think the trade offs are in your opinion?

Avatar
crimsonleaf363 2y ago

How is this productive or adding anything new to the conversation? Coldcard changed their license how many sales quarters ago?

Avatar
Seth For Privacy 2y ago

It’s because they launched a product explicitly for “DIY hacking” and being an “open platform” that’s not either of those things because of their license choices.

We should continue shaming companies that are anti-open source for their own profit.

Avatar
Enki 2y ago

And people wonder why I wont touch cold card.

Avatar
w3ird_ 2y ago

how would this be any different than building something on top of a closed source api such as github's api? the source being restricted to viewing doesn't directly affect the integration someone hacks together except that it can only run on this device. it's similar to building an app for iOS only.

Avatar
Boog 2y ago

Is this the Q1?

79
Duvel 2y ago

So it's not free and open source, but all source fully available. What does that mean?

Avatar
<old>cypherhoodlum 2y ago

OSS is not FOSS. The F stands for "Free" which means free as in free to modify in any way. Could also be free as in 0$ but this is not necessary. FOSS = Free Open-Source Software, which you can modify, repackage, and sell. Source-available is not FOSS. Hope this clarifies.

79
Duvel 2y ago

Yess, thank you. I guess it also depends on the license used? If it is MIT e.g. it is FOSS?

Avatar
<old>cypherhoodlum 2y ago

It depends completely on the licence used. MIT is considered to be FOSS, yes. However, the conversation becomes very nuanced from here on out. Some licences are considered to be more FOSS than others (by some people). There have been some wild debates about this in the Bitcoin communities.