Sadly, regardless of what has been said, if the functionality that the customer needs is not met, they will always go somewhere else that can fulfill it. The value of one's product or services is always based on what the customers are willing to pay according to their needs. nostr:nprofile1qqsglv2qkn5dmmuhee9cy8fywfu2rfp4xd3xy0myqg2gfvmjl9yqqrqppamhxue69uhk2tnwdaejumr0dsq3qamnwvaz7tmwdaehgu3wd3skueqpz3mhxue69uhhyetvv9ujuerpd46hxtnfduekf372 - we truly appreciate what you said here, and it is not a judgement but rather constructive feedback. This is because people truly care about your product. Hence, people go out of their way to take time out of their day to reach out to you and ask about the possibilities. It is OK, too, to say that it is not on your priorities list! All the best!✌️☺️
I think not being burnt out is more important
There’s moderation work, and clients also want features, then you need to make sure it runs stably, etc.
did you hear about static or dynamic analysis? 😆
to be able to have AI scan vulnerabilities means that it needs to be able to build a map of the application logic, how every small detail interacts and how these may combine into an exploit chain
that is not possible with a text predictor
nostr.build already has file search, along with filtering by category and folders
Why use a HWW then?
You need to store the seed backups somewhere, may as well use SeedSigner with the seeds
yes, they have, the SE2 used by CC Mk4 is broken (source: Coinkite), and SE1 also has been broken (source: a talk by the Ledger Donjon team)
Plug it in, authorize the client, then you can manually approve from the app or auto approve certain kinds.
A hardware screen is not necessary for this use case. Manually verifying for every AUTH event or reaction is going to make the UX shit.
Even if it is a single one, it makes a difference. When there are 2 of them (from different vendors), then they can play with the MCU in quite a complicated set.
More here
https://blog.coinkite.com/understanding-mk4-security-model/
And also if you prefer Guy’s read
both SEs are vulnerable to laser fault injection and lack basic protections that have existed in any credit card for the last 15 years
yes, the only case it could work with unnecessary complexity is where you use a remote signer, each client maintains state locally, and you remove a client
in this case you can also do the following which is easier: rotate the secret used for encryption
actually, wrong term
I meant forward security
post compromise security is interesting, but it is not applicable in nostr
NIP-04 and the likes work (not that they are good, especially gift wraps) but they have no post compromise security
both of them are IoT grade shit (and at least one lacks any CC certification) that don’t have the same basic protections as any credit card within the last 15 years
both of them have viable laser fault injection attacks meaning you only need the expensive (probably $300k max) equipment, but that’s nothing as you can reuse it for as many wallets as you prefer
The idea that an HWW’s security hinges on the secure element only is insane
the devs say “go make a better one yourself” because they are too incompetent to do that themselves
didn’t get the pgp key + email yet though
or signal
they are too busy making the 37th ecash wallet that looks like it was named by an immature idiot to fix real issues nostr:note1wzxcmgtmcwegr6dfqlc9kkydmnxvlumzz0qy0dmw0r0r6v8e2ysqktspmg
security is a layered approach
one of them is having a secure element
there’s more that I will publish later :)
Shredding a credit card does not make it unusable