Subnostr

Wouldn't touch CuckKite products with a ten inch pole, no FOSS devs will waste their time with this shit & clearly their in house devs aren't great at catching easy to find bugs. The Q1 is a ripoff clone of other devices after NVK said, incorrectly, QR wasn't secure. He now agrees that QR is as secure as using new SD cards for every TX. This shady behavior is not what you want when you're trusting a company with your wealth.

As always, reciepts:

Bounties aren't paid:

https://thecharlatan.ch/Ransom-Coldcard/

2020 vulnerability & poor disclosure:

https://benma.github.io/2020/11/24/coldcard-isolation-bypass.html

2nd link with clearer explanation, can't even trust the testnet:

https://www.coindesk.com/tech/2020/11/25/bypass-attack-in-coldcard-bitcoin-wallet-could-trick-users-into-sending-incorrect-funds/

2021 multisig vulnerability & second known unpaid bounty:

https://benma.github.io/2021/02/09/coldcard-multisig-vulnerability.html

On the same licensing that CuckCard uses:

https://redmonk.com/sogrady/2018/09/10/tragedy-of-the-commons-clause/

DRE 2y ago

When did he say QR is not secure? I believe he was referring to its implementation with certain pieces of hardware that perhaps make it less secure, and now that the better hardware is cheaper it became economically viable for them make the Q1 which enables QR. #[5] am I tripping or is this the case?

I don’t know about the other stuff about unpaid bounties, but all their code is open and verifiable, so idk what you mean by trusting them with your wealth?

I imagine you’re pro FOSS, so saying the Q1 is a ripoff clone is kinda funny and contradicting to the spirit of FOSS, but maybe you’re not pro FOSS.

Reply to this note

Please Login to reply.

Discussion

ShiShi21m 2y ago

I am Pro FOSS to the highest degree.

The reason I worded Q1 as a clone is because of how NVK has attacked foundation claiming the same & then moving away from FOSS.

As far as you not reading the links about the unpaid bounties that are well documented & tagging NVK instead says it all.

Trust, Don't Verify.

ShiShi21m 2y ago

As far as reciepts go, I have posted all of them here before - I'll find it for you & post when I get a chance.

Should've bookmarked it.

DRE 2y ago

It’s ok, I believe you have the receipts. If it’s true it only harms them and that will show in the quality of their products. Consumers like myself mainly care about quality of products, I don’t need to like everything NVK does. But by all means confront him and the VCs backing Coinkite

ShiShi21m 2y ago

Definitely, I'm a quality maximalist so long as I'm not sacrificing what's most important.

That's why I don't use their products.

DRE 2y ago

I’m aware NVK has referred to the foundation device as a clone of the coldcard, but he is not a FOSS maximalist. It’s weird seeing FOSS maximalists use those terms when they are contradictory to the FOSS ethos that’s all.

Yes, I didn’t click all the links that’s why I said “I didn’t know about the bounty stuff”, as in for all I know it’s true, but I don’t have time to click all those links and go down that rabbit hole. I didn’t make a comment denying the validity of those accusations.

I tagged NVK in a separate paragraph in case I was misrepresenting his stance on QR and why they are just now enabling it on their hardware. I didn’t tag him so he could defend your accusations. For all I know he could care less and would tell you to cry harder.

Seems like you didn’t understand what I said or meant at all, but all good.

ShiShi21m 2y ago

It's not contradictory, it's the truth.

Is it not a clone of the design?

I have no issue with people using FOSS code for their projects.

I have an issue with people who muddy the waters & pretend they produce innovation when they are just ripping others, then accusing them of the act of "cloning".

I will use the words produced by NVK without any omission, & respond in kind.

I'll find the receipts of his real time FUD campaigns & post them here for you to read.

I advise you to read those links as a user.

Happy hodling.