1. Coldcard was FOSS and bootstrapped - nvk and peter denied interested VC investors.

2. Foundation cloned code, announced slightly different hardware, raised money from those same VCs pre-product.

3. Coldcard changed software license to allow everything but that. No longer FOSS.

Coldcard source code is verifiable and reproducible. It can be modified and built but not sold. You can even add your own entropy during seed generation. I personally disagreed with their decision to change the license but it does not change the security of the product.

NVK is a friend. Coinkite is a sponsor of RHR. Ten31 is an investor in Coinkite. I have used and recommended their products before all of that but transparency is important.

I am personally grateful their team continues to build robust bitcoin hardware. My family relies on it.


Discussion

I love my cold card but I've been slowly migrating over to a seed signer multi sig. Less hardware and software risk to fuss with.

Hrm, don’t really want to start this argument up again 😅 but SeedSigner has a lot more hardware risk than a ColdCard, except (perhaps) for targeted supply chain attacks — because a SS is widely available off the shelf stuff, it has ‘herd safety’ whereas CC is obviously only for Bitcoin so has a clear incentive to be attacked. SeedSigner is also more closed hardware than the ColdCard is (RasPi is very closed), though neither are fully open as CC give schematic but PCB layout is closed and Secure Elements are mega closed and the ST Microprocessor is also closed.

Similarly, for the software risk, ColdCard software stack is way way fewer (orders of magnitude) lines of code than what’s in a SeedSigner which AFAIK is running an entire Linux. CC firmware can be deterministically built, whereas SS doesn’t and that might be tricky to achieve.

So while both are great, they have slightly different security characteristics and for *most people* the ColdCard comes out as the stronger option

My thinking is, if I'm holding Bitcoin for my kids and grandkids then I have more faith that a Linux computer with a camera and an open source OS like SS is more likely to be around than the special chip that is available in CC. I like that with SS the keys are physical by default. I know my wife is able to send to and from a multi Sig made with a ubiquitous rpi seed signer setup + blue wallet. I'm not so sure she would be able to do the same with cold card multi Sig. So I may just be using the word "risk" differently.

That’s exactly how the spooks killed PGP.

Seed signer is extremely easy to use.

Thanks for the sum up.

True ! Coldcard is must have !

"Cloned" is an interesting choice of words for forking open source code.

I guess Coinkite cloned the trezor firmware in that sense then. 🤡

coldcard used a trezor library and built on top, foundation built a coldcard mk3 in different clothing, advertised it as such, raised money pre-product on that as the premise, and accepted preorders for it before releasing their own code publicly

Aside from the fact that they diverged significantly since then, forking the *exact same code* with no modification with different hardware is entirely permissible.

Don't release firmware on a license you don't agree with in the first place, and don't make a fuss when people do things that are entirely permissible under that license.

I don't care that they changed their license, but calling others "clones" is braindead and spineless.

Disclaimer: I do not own a Passport or a Coldcard.

the only reason they diverged since then is because coldcard changed their license

> Don't release firmware on a license you don't agree with in the first place, and don't make a fuss when people do things that are entirely permissible under that license.

I agree with this and personally do not think coldcard should have changed their license, as I said in my original post and have publicly said in the past.

Did not realize the term cloned carried such a negative connotation with some people. Will say forking the exact same code with no modification in the future.

I use both products. Both have pros and cons. Don’t really care about the arguments back and forth. Both products would have zero value if it wasn’t the FOSS project that #Bitcoin is.

🤝

Fuck thank you. Clear and concise. My setup is simple and solid - Sparrow, Whirlpool, MK4. Or Samourai on an old Pixel 4a running CalyxOS, if I’m making purchases. I’m good with this.

🎯💯

Just happy to have options!

Same!

Different topic, but I’m curious about your view on Wasabi coinjoins because you were using it a lot in the past. Are you still? Do you consider their coinjoins reliable? What’s your thought?

Seconded

Also this

#[3]

Doesn't change the fact nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 is one of the most annoying podcast guests.

Have several Coldcards, amazing product for me

Whether you agree or disagree, what is the pro case for paying a lot more for a Foundation vs coldcard or Q1? Why is it worth such a large premium?

Even tribal loyalty aside, coinkite products are much cheaper and more proven (at least for now). All else equal I’d rather go with a cheaper option.

Also did Foundation pitch investors: 1 actively lie about where their code came from, 2 simply fail to disclose where it came from, or 3 be fully transparent about where the code came from? I think which of those they did makes a big difference. 1 or 2 are not a good look. 3 feels fairly reasonable.

Love my Coldcards & have no intention of replacing them, but definitely won't be using Foundation devices though.

Matt - Love everything you do for this space.

1. Why did you say clone vs fork? There is a distinction, AFAIK.

2. Was Coldcard's use of Trezor code a clone or a fork by your definition?

I don't have a dog in the fight. We are where we are and we're all better off by way of competition.

Bc I was searching for something on bird app & came across this - didn't know he posted on Nostr.

Either way,

Clearly, Bitcoin didn't fix VCs (yet).

I can’t find the Foundation dick move here. Investors wanted to fund a device. A team wanted to build a device. They got together and used the available tools to do it. “My license allowed this but I’m mad it happened” is silly. Preventing others in the community from profiting off your public work is bad. If anyone is wrong it’s the Coldcard team.