Re: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities
To be honest, here 'open source' is thrown around wildly (blog posts and whitepapers are no 'source' of anything).. 
They are taking credit for their '+150 applications' being open source, meanwhile are not writing those themselves, right? The individual coins' developers make them, don't they?
The SDK pretty much has to be open-source if they want altcoin developers to make the accompanying Ledger app for them (for free?); so nothing to take much credit for there, either.
A whitepaper cannot be 'open / closed source' since (1) it's not a source of anything (neither software, nor hardware), (2) you don't write a whitepaper if you don't intend to publish it.
All these blogposts, little tools and whatever they want to provide are just fillers for the big void on the infographic: the firmware remains closed.
As long as that doesn't change, their ability to include backdoors doesn't change. No matter how many blogposts they publish, whether they open-source some dashboard or individual apps. We need the firmware source code; anything else is pointless.
They are taking credit for their '+150 applications' being open source, meanwhile are not writing those themselves, right? The individual coins' developers make them, don't they?
The SDK pretty much has to be open-source if they want altcoin developers to make the accompanying Ledger app for them (for free?); so nothing to take much credit for there, either.
A whitepaper cannot be 'open / closed source' since (1) it's not a source of anything (neither software, nor hardware), (2) you don't write a whitepaper if you don't intend to publish it.
All these blogposts, little tools and whatever they want to provide are just fillers for the big void on the infographic: the firmware remains closed.
As long as that doesn't change, their ability to include backdoors doesn't change. No matter how many blogposts they publish, whether they open-source some dashboard or individual apps. We need the firmware source code; anything else is pointless.
Well said. Lots of fluff, nothing that actually changes anything. Just a continuation of bullshittery, and not a good one at that.
I mean let's look at that step for step.
Already Open Source -- Yeah, I guess congratulations for using an open source cryptography library like any sane person would? Mentioning 150+ third party applications is just obvious padding. To be fair, not all SDKs are open source, but it's a really low bar and pretty much standard unless you are aiming for a very small niche and don't care about fostering a community of developers.
In the Coming Days -- A whitepaper and a few blog posts. *slow clap* Admittedly I am curious about the whitepaper though.
In the Coming Weeks -- Providing "tools to implement your own shard backup provider" is the first (and only) thing that sounds remotely like a step in the right direction (ignoring the core of the problem that is the devices' capability to send the seed over the internet, but that ship has sailed). "Open sourcing of the dashboard which is a specific part of the OS containing Recover implementation" is practically useless and just a thinly veiled diversion. But hey, maybe they get to out source the development of a dark theme for the dashboard to the community. Win-Win.
In the Coming Months -- "Modularize even more the OS in order to keep as little as possible the part that must be trusted." That's the sort of sentence that you dictate your intern to quickly jot down as a talking point, only for them to just use it word for word in the official communication without a second thought. Either way, that part of the roadmap is the most interesting to translate:
"In the Coming Months" => "We don't plan to actually do this, but if you keep pestering us we'll eventually have to throw you guys a bone in a year or two."
"Modularize even more the OS in order to keep as little as possible the part that must be trusted." => "Refactor the code in a way that keeps the nasty bits out of sight."