Search content
Sort by
Showing 20 of 67 results by zherbert
Thanks, I did it. Everything vent like a charm and my Passport 2 is on the latest 2.3.5. Good that I was not hasty with the update and discovered from foundationdvcs that the problem was buried into version 2.3.2.
May I ask just of my curiosity what could do in this case those users who have experienced frozen device . Instruction you have referred to says users should install developer key preliminary to avoid freeze but they will not be able to this if their devices are already stuck. Is there any workaround for such case?
We had an obscure bug that we missed when QAing v2.3.2. Essentially all of the developers and team who QAs Passport has developer pubkeys installed so we can install internal betas and public betas. The bug checked to see if there was a developer pubkey in the slot in the secure element – if the slot was empty, the firmware update froze.
We all missed the bug, as well as all external beta testers too, since to test the beta you needed to have the developer pubkey added!
The firmware update process didn't care what pubkey was in the slot, only that the slot was not empty. If it was empty it got stuck at 98%.
Was very hard to reproduce this, but once we did we quickly understood what happened and fixed it. Sincere apologies for the inconvenience.
I see that foundationdvcs hasn't mentioned yet that in about one month time they are releasing some new type of device or tool.
There isn't much information available at this stage except a mysterious text saying, "Beyond the Hardware Wallet". Based on that, I don't think they will release a new hardware wallet. Could it be something for backing up seeds? Maybe a physical 2FA device?
You can follow Foundation's new page for this update here: https://foundation.xyz/beyond/
They have released an image of the product on X: https://x.com/FOUNDATIONdvcs/status/1856386242805674223
Talkimg is in maintenance mode, so I can't share it here.
There isn't much information available at this stage except a mysterious text saying, "Beyond the Hardware Wallet". Based on that, I don't think they will release a new hardware wallet. Could it be something for backing up seeds? Maybe a physical 2FA device?
You can follow Foundation's new page for this update here: https://foundation.xyz/beyond/
They have released an image of the product on X: https://x.com/FOUNDATIONdvcs/status/1856386242805674223
Talkimg is in maintenance mode, so I can't share it here.
You might want to start a new post for this one
⭐ Merited by ABCbits (1)
We bought one immediately for testing.
https://x.com/zachherbert/status/1816864071276462174
My succinct take is that Ledger Stax's 180 degree curved eink display was extremely difficult and expensive to make at scale, without defects, and has a very high defect rate. Ledger likely spent tens of millions of dollars on screen development and has to put aside a very high percentage of screens at production due to fallout. Therefore the 1 year+ delays and price increase to $399.
Interestingly enough, the Flex has a much faster refresh rate + input response time due to a likely use of an existing eink panel (no custom tooling, etc). My guess is Ledger will cancel Stax within 12 months.
https://x.com/zachherbert/status/1816864071276462174
My succinct take is that Ledger Stax's 180 degree curved eink display was extremely difficult and expensive to make at scale, without defects, and has a very high defect rate. Ledger likely spent tens of millions of dollars on screen development and has to put aside a very high percentage of screens at production due to fallout. Therefore the 1 year+ delays and price increase to $399.
Interestingly enough, the Flex has a much faster refresh rate + input response time due to a likely use of an existing eink panel (no custom tooling, etc). My guess is Ledger will cancel Stax within 12 months.
"You get what you pay for". Maybe I'm not correct but it seems that the only company that pays attention to the quality of their products is Foundation. Regarding Ledger. This company grabbed my negative attitude over two years ago when their bought and paid for s+ model refused to be powered up due to the bad USB cable issue included into their original package.
Foundation has it's own issues. I got one for somebody when they 1st came out and now it's just a dead as mine listed above. But, since it was not in my control at all I didn't include it in the list.
If I put in the list of all the people I know with hardware wallet issues theymos would need to get more data storage for the forum. OK, it's not THAT bad but still.
I have a little security token that a bank gave me (for free) that has to be 10 years old at this point that still works. No it's nowhere as complex as a HW wallet but still....
-Dave
Our original Founders Edition (first 1000 units) have lasted pretty well, but we've had some issues with internal display cable coming loose or damage to the monochrome display. We've given complimentary replacements for our latest Passport gen 2 to any Founders Edition customers who had issues. Our current gen is holding up extremely well and we use higher quality materials than anyone else in the space.
We read everything posted here and take any feature requests into consideration. We appreciate your input! This next release is pretty massive.
Can we expect anything special coming from Foundations around Bitcoin Halving date?I know few other hardware wallet manufacturers are working on releasing special bitcoin only editions, and maybe there will be some discounts available.
We will be doing a cool halving collab with some other great companies in the space (stay tuned!) but we don't usually do any kind of discounts. I'll see if we can do something special, maybe some kind of bundle.
I am very excited that in the next few weeks we will bring back our customer referral program, the Ambassador Program. Will give an opportunity to refer Passport and get exclusive swag alongside Bitcoin rewards!
We read everything posted here and take any feature requests into consideration. We appreciate your input! This next release is pretty massive.
Can we expect anything special coming from Foundations around Bitcoin Halving date?I know few other hardware wallet manufacturers are working on releasing special bitcoin only editions, and maybe there will be some discounts available.
[/quote]
We will be doing a cool halving collab with some other great companies in the space (stay tuned!) but we don't usually do any kind of discounts. I'll see if we can do something special, maybe some kind of bundle.
I am very excited that in the next few weeks we will bring back our customer referral program, the Ambassador Program. Will give an opportunity to refer Passport and get exclusive swag alongside Bitcoin rewards!
Ha ha, my request on adding the master seed SeedQR-export into future release didn't leave Foundation hanging. The coming v.2.3.0 will implement it as it is evidenced by beta variant already dangling on the official github. Among other noticeable features is long expected (at least by me) " native OP_RETURN message viewing and signing". What a release!
We read everything posted here and take any feature requests into consideration. We appreciate your input! This next release is pretty massive.
Re: Square is considering making a hardware wallet for Bitcoin
$150 for a closed source box with no screen which means you have to sign your transactions blindly and which gives Block the ability to completely surveil all your transactions. Seems like all the concerns we raised multiple times in this thread have been completely ignored and Block have powered ahead with the worst possible combination of features.
Hard pass.
Hard pass.
Even worse, Jack's original 2021 announcement said that their work would be open source (as much as possible), as did one of their early blog posts.
I asked one of their leads on Twitter who replied "Yes we still plan to publish our code before we ship" (https://x.com/max_guise/status/1732808300427690113?s=20)
As we know, "publish" code is different from open source. Unfortunately Max did not reply to my followup questions asking about commitment to using FOSS licenses. Hopefully they will follow through on Jack's original commitment.
What makes you say that? There is literally nothing open source about this chip, nor any secure element, nor any MCU or processor used in any hardware wallet or computing device.
Are you saying this is not true?This is official github page for this secure element:
https://github.com/Infineon/optiga-trust-m
Quote
The MIT License
https://github.com/Infineon/optiga-trust-m/blob/develop/LICENSEIt is not related with Trezor, but github clearly shows that Optiga Trust M secure element have MIT open source license code, and that can be confirmed.
Firmware for Trezor was already open source, so I really don't see any issue here.
This has nothing to do with the chip. This is specifically a software framework to interact with the chip. Like an SDK. Of course it's open source.
Microchip, for example, offers a similar SDK for their secure elements (like the 608b) called "cryptoauthlib" (https://github.com/MicrochipTech/cryptoauthlib). All code is viewable and they have a basic copyright that doesn't restrict its use (except that it must be used with Microchip products).
This Infineon chip used by Trezor is absolutely no more open than any other competing chip, except that Trezor purchases it without signing an NDA. That's it.
Yes, Trezor 3 Safe is using open source secure element model Infineon OPTIGA Trust M, and that can be verified.
Most of the other brands are using secure elements that are closed source.
What makes you say that? There is literally nothing open source about this chip, nor any secure element, nor any MCU or processor used in any hardware wallet or computing device.
To my understanding, Trezor just made some claims about being able to publicly disclose vulnerabilities because they didn't sign an NDA with the manufacturer.
Material mentioned in video is zirconium dioxide, I don't think that is ceramic, it's more like a metal.
I am not sure. At around 2:00 in the video, the guy mentions that Zirconium Dioxide is a ceramic material. If you google "zirconium dioxide ceramic", the first result is a Wikipedia source that states: "Zirconium dioxide is one of the most studied ceramic materials." At the same time, if you ask google, "is zirconium dioxide a metal", it tells you "Zirconium dioxide, also known as zirconia and zirconium oxide, is a crystalline metal oxide that has found its way into the ceramics industry."
Sources:
https://en.wikipedia.org/wiki/Zirconium_dioxide
https://matmatch.com/learn/material/zirconium-dioxide-zirconia
Zirconium Dioxide is a ceramic material and has been used in luxury watches like Omega's all-black Dark Side of the Moon Speedmaster.
It saddens me that so many new entrants are pushing blind signing (without a screen). It feels like a major regression in security model. I would have hoped that the industry had learned from Ledger's first Nano device a decade ago (screen-less), but it seems like new entrants are repeating the mistakes of the past.
We discussed this before, and my point remains the same: Coldcard used a huge variety of open source libraries and code when they built their device. To turn around and prevent people doing the same for their code is hypocrisy.
Yes, we discussed it before and I remember it very well, I read all of your posted sources too.Yes, they used but Coldcard is not a Trezor's copy/paste while Passport is CC's copy/paste. Passport is the reason why CC is not open-source.
If you are worried about someone building on top of your code and making a better product, the solution is to improve your own product, not stifle development and innovation, which is bad for everyone.
You put endless work to improve your product, then Passport copy/pastes it and both of you are on the same level. The difference is, you do the work and they gain the benefits. We can compare CC and Passport to Nikola Tesla and Thomas Edison.Where would bitcoin be now if Satoshi had released bitcoin under a "source verifiable" license but prevented other people from developing on top of it?
Bitcoin is not the first cryptocurrency but somehow it become massively popular and none copy/pasted altcoins or even improved altcoins took it over and it's a little strage for me. Bitcoin users usually say that what they love about bitcoin is its decentralized nature and anonymity (it's not) and then my question is, why choose Bitcoin when you have Monero? By the way Satoshi has mined lots of bitcoins for himself, so, what he has to worry about?
My point is that the fact that ColdCard is a source verifiable doesn't make it any bad, I would use this wallet at any time because it's superior compared to other mainstream wallets.
Will Coldcard improve its product if they gain financial profit? Sure. Is the source open and can anyone read it and verify? Yes, that's what's important for me, as a wallet owner. Do you want to learn more about bitcoin hardware wallet softwares? You can read every single line of their source code anytime you wish, so, you can learn from them and come up with your product if it's better and not totally based on their source code.
I am not going to tolerate anyone saying Passport is a "copy-paste"; at this point it is a ridiculous statement. As we've said many times before, we ported parts of the codebase to a fresh MicroPython repo.
It is impossible for Passport to be a copy-paste because it's completely different hardware with different hardware features. We have an entire GUI as well. Take 5 minutes to do a diff between our repos and you will quickly see that it's a load of nonsense. It's blatant slander by NVK and team.
Re: Square is considering making a hardware wallet for Bitcoin
in principle, every new competitor on the market should be viewed positively. be it in terms of hardware wallets or e.g. mining.
Regarding Square's hardware device, which is not a hardware wallet, the one positive thing is that another brand could take a look at it and decide it's useless. But they could draw inspiration from it and actually create something meaningful and safe. But since this device is meant to target newbies and first-time crypto users, I think it will succeed regardless of its drawbacks. Good marketing results in wonders. I can attest that we are drawing inspiration and discussing how to build a similar product at a similar cost without the multitude of drawbacks I noted in my blog post.
I just want to clarify the claims that future Trezor models will have "open source secure elements" made by TropicSquare:
Slush replied to my tweet confirming:
Not to rain on everyone's open source parade, but all the TropicSquare chip will be is a partially open source secure element, with elements of the chip still black-box due to closed source foundry PDKs with foundry NDAs.
Quote
To be very clear – it is impossible for @Trezor to release the "first open-source secure element on the market" if they are not using the OpenPDK at Skywater foundry (130nm process or maybe 90nm when available).
TropicSquare prototypes are made at UMC in Taiwan – their PDK (process design kit) is closed source, meaning that parts of the chip will be closed source.
I am growing tired of so many Bitcoin and crypto companies wielding the term "open source" for marketing purposes while slowly diluting the definition.
It is fair to say that TropicSquare will have an "open architecture" and that parts of the chip will be "open source" – but this will not be a panacea or the "first open-source secure element."
The best project building an open source Secure Enclave is https://betrusted.io which uses an FPGA to run a simulated RISC-V chip in which the entire simulated chip is open source.
Otherwise there are no good efforts.
If we @FOUNDATIONdvcs were to build an actual open source secure element chip, we would do something very simple at 130nm or 90nm at Skywater using their OpenPDK – and open source the entire chip.
https://twitter.com/zachherbert/status/1712503156721029490TropicSquare prototypes are made at UMC in Taiwan – their PDK (process design kit) is closed source, meaning that parts of the chip will be closed source.
I am growing tired of so many Bitcoin and crypto companies wielding the term "open source" for marketing purposes while slowly diluting the definition.
It is fair to say that TropicSquare will have an "open architecture" and that parts of the chip will be "open source" – but this will not be a panacea or the "first open-source secure element."
The best project building an open source Secure Enclave is https://betrusted.io which uses an FPGA to run a simulated RISC-V chip in which the entire simulated chip is open source.
Otherwise there are no good efforts.
If we @FOUNDATIONdvcs were to build an actual open source secure element chip, we would do something very simple at 130nm or 90nm at Skywater using their OpenPDK – and open source the entire chip.
Slush replied to my tweet confirming:
Quote
Fair, this is statement from soc media manager and it is missing nuances.
When you dig into Tropic Square docs, you'll see they are honest about not being *fully* opensource. But the digital design (and everything designed by Tropic Square inhouse) will be fully open source.
https://twitter.com/slush/status/1712552686342779354When you dig into Tropic Square docs, you'll see they are honest about not being *fully* opensource. But the digital design (and everything designed by Tropic Square inhouse) will be fully open source.
Not to rain on everyone's open source parade, but all the TropicSquare chip will be is a partially open source secure element, with elements of the chip still black-box due to closed source foundry PDKs with foundry NDAs.
Re: Square is considering making a hardware wallet for Bitcoin
My main concern is beta units seem to be going out, but source code is nowhere to be found.
Update on Stax from Ledger, looks like they are delayed due to the curved e-ink display. There is no new delivery date specified.
https://app.news.ledger.com/e/es?s=1909208&e=658949&elqTrackId=efd74c1a1b7a40299e524d6e5aa03bea&elq=dac020f6a554448cb87c74246b90cb5a&elqaid=674&elqat=1
https://www.youtube.com/watch?v=o1hyxbZibaY
I had predicted this is what was causing issues. https://twitter.com/zachherbert/status/1682015265326874630
Ironically the curved e-ink is only there to show a wallet label on the side so you can "stack" multiple devices together. I don't understand why anyone would need more than one device?
https://app.news.ledger.com/e/es?s=1909208&e=658949&elqTrackId=efd74c1a1b7a40299e524d6e5aa03bea&elq=dac020f6a554448cb87c74246b90cb5a&elqaid=674&elqat=1
https://www.youtube.com/watch?v=o1hyxbZibaY
I had predicted this is what was causing issues. https://twitter.com/zachherbert/status/1682015265326874630
Ironically the curved e-ink is only there to show a wallet label on the side so you can "stack" multiple devices together. I don't understand why anyone would need more than one device?
I never said they are cheap or cheapest wallet in the world, but they are certainly airgapped open source devices with fair price.
Keystone is not open source, and I have been considering writing a blog posts that dives into their claims.
Here's their 5 GB+ Android OS that does not have source code available:
https://github.com/KeystoneHQ/Keystone-system
Quote
Due to copyright, some vendors’ code cannot be made public, and we have removed some of the code from the source code. Therefore this open source code cannot be compiled. However, we can share this part of code under an NDA if you want to fully verify the code and reproduce it. Please send an email to eng@keyst.one. Since the size of a single repo on github cannot exceed 5G, we put the code on AWS. You can access the code through this link: keystone-system
What about their secure element firmware? Looks like that code can only be compiled with proprietary ARM software called Keil. https://github.com/KeystoneHQ/keystone-se-firmware
Additionally, there is no information as to who even makes their secure element. It's some kind of white labeled processor. https://github.com/KeystoneHQ/Keystone-developer-hub/blob/main/hardware/Keystone_V1.02_BOM.xls
Furthermore, their hardware schematic is not all-inclusive and omits the self-destruct mechanism.
Hopefully Keystone 3 will actually be open source, but I am growing tired of hardware wallet companies hiding behind false claims of open source. It really damages the definition and I consider it attack on the FOSS movement.