I'm getting fed up of various projects claiming to be open source when they aren't...
I'm getting fed up with some people referring to open source licenses as open source. For God's sake, let "open source" mean open source. 
Topic: Anyone use a COLDCARD hardware wallet? (Read 577 times)
Sorry if this is off topic, but will any MicroSD card work in the coldcard. I'm trying to insert one into the coldcard but it doesn't clip in. Thanks in advance.
Any should work in. Try to about-turn it to opposite sideMaybe the following video from Bitcoin Magazine can help you find out how to install a Micro SD Card on a ColdCard:
Bitcoin Magazine Video Walkthrough: Coldcard Micro SD Card Backups, Wallet Recovery And More
Image source: https://www.youtube.com/watch?v=i-FEoX_gymA&t=29s
Sorry if this is off topic, but will any MicroSD card work in the coldcard. I'm trying to insert one into the coldcard but it doesn't clip in. Thanks in advance.
Any should work in. Try to about-turn it to opposite side
Ok, thank you. I'll try again. I didn't want to push too hard in case I break something. I'll try again.
Sorry if this is off topic, but will any MicroSD card work in the coldcard. I'm trying to insert one into the coldcard but it doesn't clip in. Thanks in advance.
Any should work in. Try to about-turn it to opposite side
Sorry if this is off topic, but will any MicroSD card work in the coldcard. I'm trying to insert one into the coldcard but it doesn't clip in. Thanks in advance.
And this is it right there. There are known flaws, fine I don't expect a Mk4 for free to replace my Mk2. Just give me something.
It would be super cool if Passport would somehow add option of loading their source code on older coldcard devices, that would piss off NVK very much 
In reality, you can use mk2 and similar old devices only as collectible items, use them for spare parts, or just recycle.
The same limitations that exist with the coldcard firmware would exist on the Passport firmware or the DaveF & dkbit98 firmware.
But yes, I have them somewhere and sooner or later will remember to bring them to the e-waste recycling place.
It is what it is, they don't care about old users and just want to sell new HW at full price, that's fine it's their business they can do what they want. I just don't have to give them anymore of my BTC
-Dave
And this is it right there. There are known flaws, fine I don't expect a Mk4 for free to replace my Mk2. Just give me something.
It would be super cool if Passport would somehow add option of loading their source code on older coldcard devices, that would piss off NVK very much In reality, you can use mk2 and similar old devices only as collectible items, use them for spare parts, or just recycle.
That doesn't mean it isn't worthwhile pursuing. The average person does not care about privacy - that does not mean we should abandon privacy tools. Hell, the average person does not care about bitcoin, and is happy just to live in their little mass surveillance bubble, using their government controlled currency which can be censored or seized at any time.
Oh, I thought we should only care about things we are presented by government, media tv programing, or influencers on social media 
If we agree that the average Joe won't bother using an open-source wallet, when all the ads and Google searches point them towards a closed-sourced one, I don't see them doing any research about who the original creators of the code were. A very small number of people will care about that information.
That doesn't mean it isn't worthwhile pursuing. The average person does not care about privacy - that does not mean we should abandon privacy tools. Hell, the average person does not care about bitcoin, and is happy just to live in their little mass surveillance bubble, using their government controlled currency which can be censored or seized at any time.And again, there are plenty of examples of thriving open source projects throughout the bitcoin ecosystem as well as throughout tech in general. The assertion that if you make an open source product it will immediately be cloned and you will put out of business is demonstrably false.
Do you want to buy a wallet from the people who developed and wrote the code themselves, or from the people who copied it verbatim?
The amount of people who care about the open vs closed-source dilemma outside of this forum and similar online gatherings is surely not that big. Some people I have traded face-to-face with use Binance exchange as a wallet and Trust Wallet. There is nothing I can do to change their mind. Only a negative experience can make them approach this differently. If we agree that the average Joe won't bother using an open-source wallet, when all the ads and Google searches point them towards a closed-sourced one, I don't see them doing any research about who the original creators of the code were. A very small number of people will care about that information. 
You develop, get copied, develop, get copied, copied copied, what's the point?
Because it drives development.There are many reasons why Apple, Microsoft, Alphabet, Nestle, Mars, Pfizer and other big corporations stay in their niche and don't interrupt in small businesses.
Exactly. So there is far more nuance to it than your initial claim that someone rich can just clone your product and drive you out of business. If that was the case then Trezor wouldn't exist, Passport wouldn't exist, BitBox wouldn't exist. All the best pieces of software for using bitcoin - Electrum, Sparrow, Bisq, Robosats, etc. - are open source, and are yet to be cloned and driven out by a rich competitor. The same is true for bitcoin itself.hmm I supposed apple could clone trezor and have a bug built in crashing all of btc.
Whatever bugs an individual hardware wallet have is irrelevant to bitcoin as a whole. There is no way for a single wallet to crash the network.If apple made a wallet on the iPhone and a hardware wallet that appeared to be far better than any other wallet. How many btc do you think would sit in it?
10,000 btc
100,000 btc
1,000,000 btc
maybe btc could survive 1,000,000 being stolen from wallets all over the world.
My point is if a wallet can't be cloned or made popular ie closed source it would have added security over a clone able open source. If the actor or developer was honest and did a good job building it.
So some closed source should be floating around along with some open source. The key is that no one hardware wallet model Trezor or passport or what ever should have 3 or 4 million of all the coins there are.
You develop, get copied, develop, get copied, copied copied, what's the point?
Because it drives development.There are many reasons why Apple, Microsoft, Alphabet, Nestle, Mars, Pfizer and other big corporations stay in their niche and don't interrupt in small businesses.
Exactly. So there is far more nuance to it than your initial claim that someone rich can just clone your product and drive you out of business. If that was the case then Trezor wouldn't exist, Passport wouldn't exist, BitBox wouldn't exist. All the best pieces of software for using bitcoin - Electrum, Sparrow, Bisq, Robosats, etc. - are open source, and are yet to be cloned and driven out by a rich competitor. The same is true for bitcoin itself.hmm I supposed apple could clone trezor and have a bug built in crashing all of btc.
Whatever bugs an individual hardware wallet have is irrelevant to bitcoin as a whole. There is no way for a single wallet to crash the network. If company's work will be easily copied and sold better with high budget marketing, then one will rarely bother to create such a good product.
Alternatively, if their code can be used by competitors then it incentivizes them to continue to develop and improve. Then I, a rich guy, hired some developers, copied your code and with way bigger marketing budget, released a product built on your code and somehow because of our bigger budget, we managed to become more popular than you and finally took you over.
Then why have we not seen Microsoft Trezor or Apple Passport? These wallets are open source and anyone can clone them. It's not as simple as that. Do you want to buy a wallet from the people who developed and wrote the code themselves, or from the people who copied it verbatim?hmm I supposed apple could clone trezor and have a bug built in crashing all of btc.
They could work in conjunction with microsoft. That would be quite a shitstorm.
and they would not be able to do it to a cold card correct?
If company's work will be easily copied and sold better with high budget marketing, then one will rarely bother to create such a good product.
Alternatively, if their code can be used by competitors then it incentivizes them to continue to develop and improve. Then I, a rich guy, hired some developers, copied your code and with way bigger marketing budget, released a product built on your code and somehow because of our bigger budget, we managed to become more popular than you and finally took you over.
Then why have we not seen Microsoft Trezor or Apple Passport? These wallets are open source and anyone can clone them. It's not as simple as that. Do you want to buy a wallet from the people who developed and wrote the code themselves, or from the people who copied it verbatim?If company's work will be easily copied and sold better with high budget marketing, then one will rarely bother to create such a good product.
Alternatively, if their code can be used by competitors then it incentivizes them to continue to develop and improve. Then I, a rich guy, hired some developers, copied your code and with way bigger marketing budget, released a product built on your code and somehow because of our bigger budget, we managed to become more popular than you and finally took you over.
Then why have we not seen Microsoft Trezor or Apple Passport? These wallets are open source and anyone can clone them. It's not as simple as that. Do you want to buy a wallet from the people who developed and wrote the code themselves, or from the people who copied it verbatim?I can understand the arguments for source verifiable, but I will still argue that open source is better for the product and for the wider ecosystem, especially when your source verifiable project was built using other people's open source code.
We discussed this before, and my point remains the same: Coldcard used a huge variety of open source libraries and code when they built their device. To turn around and prevent people doing the same for their code is hypocrisy.
Yes, we discussed it before and I remember it very well, I read all of your posted sources too.Yes, they used but Coldcard is not a Trezor's copy/paste while Passport is CC's copy/paste. Passport is the reason why CC is not open-source.
If you are worried about someone building on top of your code and making a better product, the solution is to improve your own product, not stifle development and innovation, which is bad for everyone.
You put endless work to improve your product, then Passport copy/pastes it and both of you are on the same level. The difference is, you do the work and they gain the benefits. We can compare CC and Passport to Nikola Tesla and Thomas Edison.Where would bitcoin be now if Satoshi had released bitcoin under a "source verifiable" license but prevented other people from developing on top of it?
Bitcoin is not the first cryptocurrency but somehow it become massively popular and none copy/pasted altcoins or even improved altcoins took it over and it's a little strage for me. Bitcoin users usually say that what they love about bitcoin is its decentralized nature and anonymity (it's not) and then my question is, why choose Bitcoin when you have Monero? By the way Satoshi has mined lots of bitcoins for himself, so, what he has to worry about?
My point is that the fact that ColdCard is a source verifiable doesn't make it any bad, I would use this wallet at any time because it's superior compared to other mainstream wallets.
Will Coldcard improve its product if they gain financial profit? Sure. Is the source open and can anyone read it and verify? Yes, that's what's important for me, as a wallet owner. Do you want to learn more about bitcoin hardware wallet softwares? You can read every single line of their source code anytime you wish, so, you can learn from them and come up with your product if it's better and not totally based on their source code.
I am not going to tolerate anyone saying Passport is a "copy-paste"; at this point it is a ridiculous statement. As we've said many times before, we ported parts of the codebase to a fresh MicroPython repo.
It is impossible for Passport to be a copy-paste because it's completely different hardware with different hardware features. We have an entire GUI as well. Take 5 minutes to do a diff between our repos and you will quickly see that it's a load of nonsense. It's blatant slander by NVK and team.
You cannot seriously try to compare Coldcard to Nikola Tesla when they simply started a MicroPython project, pulled in Trezor's crypto libraries, added a secure element, and wrote some PSBT code. Everyone is building on top of everyone else; that is how open source is supposed to work.
I came to this thread at a good time.
I have Trezor 1
I have Trezor T
I was looking at your passport and I was interested in using it.
Why should I use it?
Is
Trezor to Coldcard to passport simply an evolution of wallet technologies.
Are you accessible in general via pm?
I would like to see how your gear works as compared to my trezors.
Why would they waste their time going through the GitHub of a "source verifiable" project knowing they can't do anything with that code, when they could spend their time going through the GitHub of an "open source" project knowing they can use that code for anything they like?
"Source accessible" or "source verifiable" simply means fewer people will be looking at the code than they would if it were open source. And for the ordinary wallet user, this is what matters.
ColdCard has a good security, right? And if company profits from their product, they'll have a motivation to improve their product or others will sink them. If company's work will be easily copied and sold better with high budget marketing, then one will rarely bother to create such a good product. Also, I want to emphasize that Coldcard's wallet source code, that is publicly available for everyone to view. Yes, you can't copy their code and build a new product on top of that but if developer wants to know what's happening behind the scenes, to learn what makes ColdCard such a secure wallet, any developer can view it's code and do whatever they want in their computer. It's a great opportunity to learn and enlighten yourself. I genuinely believe, such a publicly available code will help and inspire others to create a better product than ColdCard is."Source accessible" or "source verifiable" simply means fewer people will be looking at the code than they would if it were open source. And for the ordinary wallet user, this is what matters.
Let's say you are a developer and I am a rich guy. You spent days and night to create a very secure bitcoin wallet, yes, you built it on others work but still you created a new and advanced code. You created a hardware wallet built on your code and started manufacturing and releasing of them. Then I, a rich guy, hired some developers, copied your code and with way bigger marketing budget, released a product built on your code and somehow because of our bigger budget, we managed to become more popular than you and finally took you over. I think this is a very logic scenario. That's why I am more tolerant in this case.
The old ones work BUT there have been some issues found that have not been fixed.
The biggest problem would be if there is a flaw with the security of the seed phrases and if they were created with faulty and insufficient entropy. But I don't think that's the case. I think the old Mks use a Secure Element that can be manipulated to reveal secrets if the attacker has them in their possession. But since it's an airgapped device, you aren't affected by anything happening on the internet. Someone correct me if I am wrong.But, and I know this makes me look cheap, if you bought a Mk1 and a Mk2 and a Mk3 give me some kind of loyalty discount.
It doesn't make you look cheap, and in your shoes, I would expect the same thing. Loyalty should be rewarded to a certain degree. Their main developer is active on Bitcointalk. PM him and ask if you don't have issues with privacy.1) Yes they needed to have access and IIRC there was another issue where you could get access as an attacker.
2) Did ping out when the 4th gen came out never heard back.
I like their products, and coinkite even did me a solid when an opendime I had died:
https://bitcointalksearch.org/topic/m.56370760
But for some reason, they seem to just be pushing the 'buy a new one' with the coldcards.
-Dave
The old ones work BUT there have been some issues found that have not been fixed.
The biggest problem would be if there is a flaw with the security of the seed phrases and if they were created with faulty and insufficient entropy. But I don't think that's the case. I think the old Mks use a Secure Element that can be manipulated to reveal secrets if the attacker has them in their possession. But since it's an airgapped device, you aren't affected by anything happening on the internet. Someone correct me if I am wrong.But, and I know this makes me look cheap, if you bought a Mk1 and a Mk2 and a Mk3 give me some kind of loyalty discount.
It doesn't make you look cheap, and in your shoes, I would expect the same thing. Loyalty should be rewarded to a certain degree. Their main developer is active on Bitcointalk. PM him and ask if you don't have issues with privacy. Is reproducible does not mean it is open source or the site is not correct about it.
Reproducibility is one segment of open-source code. It's one of the conditions to be considered open-source, but not the only one. In an open-source world, you would be able to take any such code, modify it, better it, change it, put it in your product, and sell that product. If someone finds what you did useful, they could take your code and do the same, or just copy it in its entirety with no or minor changes. Coldcard doesn't allow anyone to use their codebase in the products they will later sell. But the funny part is that they built their own hardware wallets on open-source code written by others.I use a ColdCard but am thinking of moving to something else.
They seem to be dropping support for older HW and I really don't like the attitude of 'just buy a new one'
How many updates are really needed in an airgapped wallet like the Coldcard? It only supports Bitcoin and is a simple signing device of transactions that are later exported and broadcasted elsewhere. Are your devices not working as they should for some reason that would warrant a fix in the form of an update?They seem to be dropping support for older HW and I really don't like the attitude of 'just buy a new one'
The old ones work BUT there have been some issues found that have not been fixed. And there have been some things added that could be added to the Mk 1/2 that just have not been. How long till they do the same with the 3. I understand the fact that your can't fix old HW bugs and that the older hardware can't run the newer code.
But, and I know this makes me look cheap, if you bought a Mk1 and a Mk2 and a Mk3 give me some kind of loyalty discount. I know they remove all client info after X days, but there are ways to get around this if you really care enough.
I know a lot of other makers do the same, and that means they will not get my money either.
On the other side keystone spun off from the parent company and still managed to give old users of someone else's wallet a HEFTY discount on their items.
...Sure, some of them are discontinued because of big security flaws, that is much better than ledger creating graveyard for fashion purposes....
And this is it right there. There are known flaws, fine I don't expect a Mk4 for free to replace my Mk2. Just give me something.
-Dave
I don't like the stupid trend of changing hardware wallet devices every year like smartphones
But that's what this shitty world we live in has turned into, and it will only keep getting worse. Companies whose profit is generated from selling you hardware will keep coming up with newer and "better" devices while doing everything in their power to make you abandon the old ones. Plus, there are now subscription packages for every little thing, in-app purchases, no ad premium packages, and other nonsense. Jump to: