I feel this, LoL.
nostr:note1x6m7walrsxkqu6x307438m22mnps7x5nul0cen5p7r478yluzrsqgs57ww
Can I really not pay with bitcoin on the US site? nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl
Always happy to sell via DM for btc/ln.
I get an extra little charge when I see nostr:npub1rfd0hxdzcze6pzj29thuz34vur57wm9quje7w3edxjgusq6m47csnl7wrt like my posts -- he is one of the most based bitcoiners I know.
Just FYI because the question was asked. 🙂
What is the best method to verify the multisig addresses on all devices that are part of the set up?
When I signed a tx with cold card, it became aware of the other XPUB and I was able to export the addresses to a file and compare them to what sparrow was showing.
Is the same possible with nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl
?
Yes, definitely supported. Best practice is to print one or more copies of the wallet descriptor at the time of initial wallet creation, so you have durable documentation instead of having to trust the coordinator later on. Change address verification is part of our standard transaction workflow, or you can also scan change/receive addresses to initiate a verification routine. You can also browse change/receive addresses in index-order within the UI. The key part is to have the descriptor as a QR code so you can scan it into the signer.
Can confirm.
nostr:note163mv6czekresv6qtgxzpy7f7nqnzzyuyae432ythfv8qncnwhx2snk9mmr
Agree that this is likely true. Those trying to create a strong sense of urgency around network updates needing to happen asap likely have an agenda.
nostr:note1duznwcqkffeq7kdhymt3vgzr5rlchqf559p9y3lewkfaff75xrssy5x6lx
AMAZING READ!!!
nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl, man... That's a plain AMAZING write up!
Learned more on the past 30 minutes than the 2 weeks before that!
https://seedsigner.com/seedsigner-independent-custody-guide/
🧡
"...only needs access to the device for seconds to binary-patch the firmware..." So dramatic, that darn evil maid is at it again.
Nothing new here, just a different type of theoretical attack that requires you to run malicious software on your signer. With our model, users are responsible for making sure they are running good software -- same as it ever was.
nostr:note1w2tmzhkqd7j9uwmr7lzj8muhn8332gn699zfntmrke45vp0kwh9qnukzp8
One thing that would greatly increase my confidence in recommending nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl to those looking for a hardware signing device would be a cold eyes expert review of the stateless claim.
I left this feedback with the team over nine months ago, and have not heard back that they are pursuing this route.
https://github.com/SeedSigner/seedsigner/issues/391#issuecomment-1599256650
cc nostr:npub1tv8gmfhalwnxxquxjzeh6gtdsdz6vg7vx0s3rt7s7uuw6aujh32qn77wn2
Happy Good Friday to you as well, have had several people DM me about this now.
While the CS principal of the volatility of RAM is widely accepted, and if false, the viability of Tails OS and many other forensic live environment tools would be completely destroyed as well.
That said, (1) would it be a good idea from an adversarial perspective for anyone invested in SeedSigner to perform or be involved in such an analysis? and, (2) we are a volunteer FOSS project -- are we expected to somehow fund someone else to do this work? Even if we did this, should they be trusted if we are paying them for the work? (the incentives would be all out of alignment)
With SeedSigner's growing popularity, if RPi RAM really isn't stateless, this would be a complete softball for a HWW company to demonstrate in a reproducible manner and remove us completely from of the cold storage ecosystem.
I don't know what more to say here, if you want to believe then it sounds like you should not trust me and and figure out how to independently verify. It could be a wonderful contribution to our project and could simultaneously allay your concerns.
Appreciate your interest and curiosity. Peace be with you.
There is adhesive on the back of the camera that you can expose by removing a film, sorry for the confusion there. Did you download our software, write it to the memory card, and install the card in the signer like the instructions direct? Without the mem card the device is like a computer without a hard drive, so it won't boot.
How did it go?
This is the way...
nostr:note1udwy5zav43zyrqsj0kt57fy3d6dx60hf2qrtf8ld76hjx622lg9qnw854x
🧡
nostr:note1dylcv26jtnvp5umquemyw9nu4qs0x34j4jmm4pvunehr3gychw4q84rsw2
I'm relatively inexperienced as a public speaker -- sometimes you feel like you're on your game, and sometimes things feel a little off. This one felt pretty good IMHO, worth a listen if you have an interest to hear a bit about our project. 🧡
🚨SeedSigner workshop tomorrow... 🚨
nostr:note163n7yahrux0a7nmf0cem88he8574l7v6c00p0lzhgfeec5dh36nscl9yys
Apologies for the cross post, but so many people feel the same kind of anxiety when using their cold storage tools. Getting a SeedSigner and learning how to use it, even if you keep using your original HWW, has a ton of value.
Lol, got attacked by a dog when I was in primary school, several stitches in my face, could never shake the fight-or-flight thing. And I'm allergic to them -- it's a romance that was doomed from the get go.