SeedSigner
f2c96c97f6419a538f84cf3fa72e2194605e1848096e6e5170cce5b76799d400
Build your own airgapped, stateless bitcoin signing device for less than most hardware wallets. 🤘 Not set up for zaps, if you'd like to donate to our contributors please go to https://donate.seedsigner.com

I really enjoy these conversations with Printer. 🙂 nostr:note1luc59lcnmrfvapks9rka6enk5a5vjfcl5xv3pq627phjgmx6srjqrn66xx

None of the coordinators support anti-exfil, so in part it's a chicken-and-egg problem, but hoping deterministic signature validation is incorporated into the PSBT standard; that would be the best UX solution, rather than a second round of QR code exchange. Validating and deploying authentic software takes less than a minute, and we've always been about long-term saving with bitcoin with relatively few spends, so card swap attack risk seems overblown when validating software is so fast and simple. With great power comes great responsibility, for those who are willing to assume the responsibility. Also, take a closer look at those emphasizing these issues and their motivations; it speaks to conflicts of interest that you've spoken about.

In addition to being an "I can't buy hardware wallets" option, SeedSigner is also an "I'm not comfortable trusting hardware wallets" option.

"No one can serve two masters; for either he will hate the one and love the other, or he will be devoted to the one and despise the other."

Matthew 6:24

I’m sorry that we don’t seem to be doing it in your approved manner. I was under the impression that bitcoin and nostr were open platforms and people had the freedom to use as they wished. ¯\_(ツ)_/¯

The individual operating the split service would be a money transmitter, unfortunately. This workflow we’ve set up was very intentional.

"I had a few similar donations in the last week or so. Personally find it very encouraging."

(a quote from one of our contributors)

Now that we're about a week after the 0.8.0 release, if you're a SeedSigner user and you're getting value from the project, or if you just want to support freedom tools, please donate to our most active contributors. We have a lightning-enabled workflow that you can use to directly support those who have worked to build SeedSigner into the amazing tool that it is.

Even if it's a small amount, each donation gives these contributors a little bit of encouragement to keep going. 🧡

https://donate.seedsigner.com

👀 nostr:note1j4ju9gg27gmj3r5yvcer7dc4mr07z5qqt0zrr3qx9w00maruhqkqkn5ufq

Replying to Matt

Is there an official list of standards that one must meet to earn the right to have an opinion on Nostr development and practice?

I currently spend time testing and reporting issues as I find them (admittedly, I do need to get better at doing this using repo reporting tools in ways that developers prefer). I'm educating others about the benefits of Nostr and related tools as often as I can. I donate what I can monthly or purchase products from developers to support them financially. I'm studying computer science and related topics to contribute in ways I'm interested in. I buy books and build things like nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl to give them to people who want to learn about securing their assets.

What am I missing? Contributing code? If so, how much? What must we users do to matter or not be offensive? What must I do to never irritate developers? Think the same? Ignore what I see as potential problems and never speak of them? Communicate in a specific way? Never make mistakes?

Please just give me a list and I will at least know where I stand and what I must do. Tell me exactly where I'm going wrong and how exactly I can fix it. I genuinely want to know the exact standards I have to meet to matter as much as developers.

I can't figure it out. Maybe I am the problem, but I can't fix a problem without knowing what the problem is.

IS there a standard that will please every developer? Most? Some? One?

I'm frustrated as a user, tester, supporter, and someone who wants to see Nostr succeed. Some developers seem to be frustrated by people like me. What should we change?

All I can say is that the best developers I have worked with get excited when people find bugs in their code and they thrive on constructive feedback on things they've built. These should be communicated with tact, but if they're being processed primarily as criticism, then that says something about the builder.

👀 nostr:note1cqcwy7dlsyvg0fevnr3qpu2r75vwcqdexf77fy65k9ja30fyxmfsv86lz4

Not currently. This has been discussed but the decision to implement hasn't been made.

Unfortunately, if I accept donations or tips on behalf of our other contributors, that makes me a “money transmitter”. 😕

Have you tried Sparrow Wallet's software author verification module? It doesn’t get any easier than that.

We don't have a PR budget or a marketing department, so it's up to me and our users to refute false claims made by established, or aspiring, hardware wallet makers.

If I have not been as clear on this as I could have been, or emphasized it enough: Our model has not changed since the outset of the project. Our software intentionally runs on simple, inexpensive, widely available commodity hardware with no software authenticity mechanisms.

This means that our users are responsible for verifying the integrity of the code they run on their SeedSigner, because you can run any code that you would want to on the device (with great power comes great responsibility). If maliciously modified software is run on a signer, there are exploits that can be attempted. Dark Skippy is an optimization of an already known attack approach, but does not expose any new fundamental weakness to our approach to cold storage. If users verify they are running our released code (which is a quick and simple process), our security model remains robust and one that I and all of our contributors fully stand behind.

Instructions to verify our releases are available in the repo, and if you haven't used your signer in a while, or if you have any concerns about who has had access to it, just re-verify and re-deploy our software and you are all set.

I will continue to beat the drum about this as best I can. Our L1 storage model is by design intended to be as trustless and permissionless as possible, for those who want to minimize their reliance on or trust in third parties, and also as a fallback for people in parts of the world where hardware wallets are unavailable or the attempted acquisition of them could come with personal risk.

If you love bitcoin and love freedom, even though our project may not be your preferred approach to cold storage, you should want SeedSigner and projects similar to it to not only exist, but to grow and flourish.