Pmalek
Legendary
Offline
Activity: 2940
Merit: 7539
Playgram - The Telegram Casino
|
|
July 06, 2023, 06:15:06 PM Last edit: July 07, 2023, 03:42:35 PM by Pmalek Merited by DireWolfM14 (1) |
|
The code is verifiable, not open source.
I think that's what matters the most, well, at least for me. If I was looking exclusively for open-source products, I wouldn't let Coldcard's change of license stop me from purchasing their hardware wallet. I called it politics in the past, and I am not interested in it. I certainly don't agree with their development team building on freely available code only to make it unavailable to others once they considered it a finished product. A bitch move! But when people preach the importance of open-source, it's mostly about being able to verify that everything functions as advertised. Even that's something that most people can't do, let alone build upon the code.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
I called it politics in the past, and I am not interested in it. It is hypocritical and dishonest at best, and dangerous at worst. If no one is allowed to build on your code or use your code for anything, then you are going to have far fewer people looking at it, examining it, testing it, using it. As you say, few people can actually interrogate the code themselves, and most users rely on independent developers or power users examining the code of open source projects on their behalf. If you aren't actually allowed to do anything with the code, then there is far less incentive to spend your time going through it.
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3486
Merit: 17627
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
July 07, 2023, 12:24:25 PM |
|
Coldcard also built on many open source libraries (not just Trezor's) when they designed their product. For them to start whining about people building up their open source library is just pure hypocrisy. Are they even allowed to change from GPL to MIT license? If they're building on other GPL software, they have to keep the same license for their own software: GNU General Public License (GPL): The GPL is one of the most well-known open source licenses. It is considered a restrictive license, as it requires that any changes made to the code must be released under the same GPL license, and any software that uses the code must also be released under the same GPL license. Additionally, if a user distributes the software, they must also provide the source code and any changes they made to it.
|
| | Peach BTC bitcoin | │ | Buy and Sell Bitcoin P2P | │ | . .
▄▄███████▄▄ ▄██████████████▄ ▄███████████████████▄ ▄█████████████████████▄ ▄███████████████████████▄ █████████████████████████ █████████████████████████ █████████████████████████ ▀███████████████████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀███████████████▀ ▀▀███████▀▀
▀▀▀▀███████▀▀▀▀ | | EUROPE | AFRICA LATIN AMERICA | | | ▄▀▀▀ █ █ █ █ █ █ █ █ █ █ █ ▀▄▄▄ |
███████▄█ ███████▀ ██▄▄▄▄▄░▄▄▄▄▄ █████████████▀ ▐███████████▌ ▐███████████▌ █████████████▄ ██████████████ ███▀███▀▀███▀ | . Download on the App Store | ▀▀▀▄ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▀ | ▄▀▀▀ █ █ █ █ █ █ █ █ █ █ █ ▀▄▄▄ |
▄██▄ ██████▄ █████████▄ ████████████▄ ███████████████ ████████████▀ █████████▀ ██████▀ ▀██▀ | . GET IT ON Google Play | ▀▀▀▄ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▀ |
|
|
|
Cricktor
Legendary
Offline
Activity: 938
Merit: 1448
Crypto Swap Exchange
|
|
July 07, 2023, 01:53:19 PM |
|
Are they even allowed to change from GPL to MIT license?
I have been asking this myself almost all the time when the drama with nvK and his policies came up. I didn't want to follow it closely, therefore I don't know much about the details of licenses of the source code nvK's company used when they built ColdCard firmware. In my opinion it's a shitshow and an embarrassingly bad one, too. You simply can't argue that you have heavily modified the original code and made your version much much better. It still originates from some license and you have to follow that. It defies the purpose of open-source if you change the license at your personal ego will. But frankly I lack the knowledge of all the shitshow's details as I don't want to devote time of my life to it.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7539
Playgram - The Telegram Casino
|
|
July 07, 2023, 03:54:25 PM |
|
It is hypocritical and dishonest at best, and dangerous at worst. If no one is allowed to build on your code or use your code for anything, then you are going to have far fewer people looking at it, examining it, testing it, using it. As you say, few people can actually interrogate the code themselves, and most users rely on independent developers or power users examining the code of open source projects on their behalf. If you aren't actually allowed to do anything with the code, then there is far less incentive to spend your time going through it. No one can prevent you from looking at the code and testing it for security vulnerabilities. It's public, go ahead. But you can't use it as a base to build your own software. Whether the code is open-source or not and someone finds bugs or vulnerabilities in it, you can only do one thing. You open an issue about it on GitHub and inform the team. It's the devs who need to patch it up, change it, or get rid of the faulty code. You might say, the software is open-source, I can do it myself. In that case we are going back to the verifiability dilemma. The most important thing is that the necessary code is public so you can go through it and change it according to your needs. In case of the Coldcard, it's equally public as Trezor or Passport. nvK doesn't know what is running on your local machine.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
DireWolfM14
Copper Member
Legendary
Offline
Activity: 2338
Merit: 4541
Join the world-leading crypto sportsbook NOW!
|
|
July 07, 2023, 04:59:01 PM |
|
Coldcard also built on many open source libraries (not just Trezor's) when they designed their product. For them to start whining about people building up their open source library is just pure hypocrisy. Are they even allowed to change from GPL to MIT license? If they're building on other GPL software, they have to keep the same license for their own software: GNU General Public License (GPL): The GPL is one of the most well-known open source licenses. It is considered a restrictive license, as it requires that any changes made to the code must be released under the same GPL license, and any software that uses the code must also be released under the same GPL license. Additionally, if a user distributes the software, they must also provide the source code and any changes they made to it. I think that's true, but the ColdCard offers more features than any other hardware wallet I've used. I'm no expert on the code, the licensing, or where the code originated, but having included features like (for example,) Bip85 (deterministic seed phrases that are backed up by the primary seed, which is a pretty slick feature,) could justify changing the licensing due to those features. If nvK wants to protect his intellectual property by protecting unique snippets, I don't see a problem with it as long as it's available to the public for scrutiny.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7539
Playgram - The Telegram Casino
|
|
July 07, 2023, 06:50:36 PM |
|
I'm no expert on the code, the licensing, or where the code originated, but having included features like (for example,) Bip85 (deterministic seed phrases that are backed up by the primary seed, which is a pretty slick feature,) could justify changing the licensing due to those features. If nvK wants to protect his intellectual property by protecting unique snippets, I don't see a problem with it as long as it's available to the public for scrutiny. I understand the reasoning of both camps. Those who say it's unethical to use open-source code to inspire you to build your own software, only to prevent others from doing the same and using your code in their products are right. It is. But if his product is superior in any ways, or he thinks it is, I understand why he would want to protect it. Business is cold, emotionless, and sometimes doesn't know logic and reasoning. If someone feels there is a breach of licensing agreements, sue him. Can it even be done?
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
|
July 08, 2023, 08:21:17 AM |
|
If they're building on other GPL software, they have to keep the same license for their own software: According to their changelog, they first applied MIT-CC on everything that wasn't under GPL, and then worked to remove all GPL code so everything could be under MIT-CC. If nvK wants to protect his intellectual property by protecting unique snippets, I don't see a problem with it as long as it's available to the public for scrutiny. It is of course fine if he wants to do that. But it is equally fine for people like me to point out that doing so means fewer eyes on the code therefore less security, as well as pointing out it is bad for the space in general. Bitcoin is about freedom. If I'm buying a hardware wallet, I'm picking a company which aligns with that ethos, not Trezor paying blockchain analysis to spy on you, and not Coinkite locking down their code so it cannot be used by anyone else.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7539
Playgram - The Telegram Casino
|
|
July 08, 2023, 09:03:04 AM |
|
But it is equally fine for people like me to point out that doing so means fewer eyes on the code therefore less security... ...Coinkite locking down their code so it cannot be used by anyone else. I think these two parts of your post mean totally different things. Please tell me how you or anyone else can't scrutinize the Coldcard code and find issues with it if they exist? Yes, you can't use the code in your own software, sell it, releases it with such code, etc. Why exactly can't you analyze every line of it if it pleases you?
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18726
|
|
July 08, 2023, 09:05:05 AM |
|
Why exactly can't you analyze every line of it if it pleases you? Why would I bother when I can't do anything with it? That's the point I'm making - not that I can't review the code, only that far fewer people will bother to do so since they can't use that code themselves.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7539
Playgram - The Telegram Casino
|
|
July 08, 2023, 09:11:16 AM |
|
Why would I bother when I can't do anything with it?
That's the point I'm making - not that I can't review the code, only that far fewer people will bother to do so since they can't use that code themselves. That's totally subjective I think. In that case, the problem is in the people not wanting to do it, and not the license that hinders you. If you want to, you have what you need to fork the code and use it on your own software. But do it privately and for your own benefit without making anything public. Who is going to stop you?
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7539
Playgram - The Telegram Casino
|
|
August 12, 2023, 12:43:20 PM |
|
This isn't related to the Ledger Recover feature but also isn't significant enough for me to create a new thread about it. So I will just post it here. My current Ledger Live version is a few months old, so I checked the release notes of the versions that the company released after the one I currently have installed. I wanted to see if there is anything there that would warrant an update. Turns out that the brainiacs behind Ledger made a change starting with version 2.64.1. They call it an improvement. This "improvement" of theirs automatically downloads (and surely installs) new versions of Ledger Live in the background without asking the user or requiring that the user does it. So, if you prefer verifying the signatures of your downloads before installing them, the nice folks of Ledger have now made that impossible. You will first get the new update and after that revert back to an older version or do what you want with it. Maybe in the future they can install our firmware updates automatically as well, without us knowing. When the latest version of the Ledger Live desktop app is available, it will now be automatically downloaded, same as the current experience on your Ledger Live mobile app, so the update will not interrupt you while using the app. You can revert to the previous setting by using older versions of the Ledger Live desktop app. https://support.ledger.com/hc/en-us/articles/360020773319-What-s-new-in-Ledger-Live-?docs=true
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
RickDeckard (OP)
Legendary
Offline
Activity: 1148
Merit: 3118
|
|
August 12, 2023, 01:26:46 PM Last edit: August 15, 2023, 12:55:28 AM by RickDeckard |
|
(...) My current Ledger Live version is a few months old, so I checked the release notes of the versions that the company released after the one I currently have installed. I wanted to see if there is anything there that would warrant an update. Turns out that the brainiacs behind Ledger made a change starting with version 2.64.1. They call it an improvement. This "improvement" of theirs automatically downloads (and surely installs) new versions of Ledger Live in the background without asking the user or requiring that the user does it. (...)
Can't say that I'm surprised as we've talked about this moves in the past - Ledger would silently start implementing procedures that would make the users inevitably update to newer software updates (either their Ledger Live app or their Firmware).
On similar news, Ledger has also recently advanced in their "open source" roadmap[1] - starting from August 7th[2] - they have open sourced their dashboard which supposedly plays a key role in their "recover" feature.They also shared some tools that allow to implement our own shard backup provider. Here[3] is the specific repository within Ledger GitHub page, along with documentation[4] and scripts[5]. We all know that this "open source" is very limited, but suffice to say that will surely trick some users out there thinking that Ledger went "open source"... Is anyone able to find the "open source" of their dashboard? EDIT: Corrected some links. Thank you @Pmalek
[1] https://github.com/LedgerHQ/recover-whitepaper[2] https://support.ledger.com/hc/en-us/articles/360014980580-Ledger-Nano-X-firmware-release-notes[3] https://github.com/LedgerHQ/blue-loader-python[4] https://github.com/LedgerHQ/blue-loader-python/blob/master/README.md[5] https://github.com/LedgerHQ/blue-loader-python/tree/master/ledgerblue
|
|
|
|
m2017
Legendary
Offline
Activity: 1988
Merit: 1401
Playbet.io - Crypto Casino and Sportsbook
|
|
August 12, 2023, 03:28:20 PM |
|
~snip
Perhaps this information is not important enough to create a new topic, as you claim, but it is still a very important detail for ledger users. I think in the future they will make it so that the old versions of ledger live will not work and their users will have no choice but to install the latest versions of this application, which, as you noticed, will already have an automatic update function built in. And in the future, this " improvement" of theirs will automatically send the contents of users wallets to wherever they want in ledger? It feels like the ledger live - ledger hardware wallet ecosystem is gradually becoming totally centralized.
|
|
|
|
Volgastallion
Sr. Member
Offline
Activity: 630
Merit: 314
CONTEST ORGANIZER
|
|
August 12, 2023, 07:19:19 PM |
|
I just see this because you already bump the thread, its something related but for all of you, that are not nearby gambling threads, we ahve here, a very rare exit scam made by Betnomi. THe thing is they send some ledger to some users in some predictions made by them. It took some time to get it, but it finally came last week. I had no time to post about it because I spent the whole month traveling, but here goes: Thanks Betnomi! ❤️️ Too late, they are long gone LOL The story of Betnomi.com (Exit Scam) : This is something fresh for you to study. By the way, don't cry later if the ledger wallet steal your crypto, who knows may be Betnomi created a backdoor in that device and when you will store something they will steal it. Are you not aware of Ledger recent update 😉? The question to all of your is, do you think that ledgers can be modified by them so they can acces and steal al your coins?
|
|
|
|
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ████████▄▄████▄▄░▄ █████▄████▀▀▀▀█░███▄ ███▄███▀████████▀████▄ █░▄███████████████████▄ █░█████████████████████ █░█████████████████████ █░█████████████████████ █░▀███████████████▄▄▀▀ ███▀███▄████████▄███▀ █████▀████▄▄▄▄████▀ ████████▀▀████▀▀ █▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀BitList▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . REAL-TIME DATA TRACKING CURATED BY THE COMMUNITY . ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀List #kycfree Websites▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ |
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7539
Playgram - The Telegram Casino
|
|
August 13, 2023, 07:08:39 AM |
|
<Snip> Did you maybe link to the wrong sources? Your sources [3] and [4] are exactly the same. Source [5] refers to the old and discontinued Ledger Blue. And in the future, this "improvement" of theirs will automatically send the contents of users wallets to wherever they want in ledger? Despite their recent history, they can still turn things around and advertise this upcoming Recover feature as something extraordinary and worth using for newbies. We will see how that goes. Going down the road that you proposed is sure death to Ledger and I don't think they are that stupid. The question to all of your is, do you think that ledgers can be modified by them so they can acces and steal al your coins? Fake Ledger devices do exist, and we even had cases where individuals whose data got leaked had such devices shipped to them to their home addresses. But everything about those HWs was fake. If you opened them up, they had different hardware components compared to the examples Ledger has on its website. They also instructed the users to download and install fake Ledger Live software and not the official versions. Fake firmware was also part of the game. - A genuine Ledger HW looks as shown on the pictures above. - Only a genuine Ledger HW works and can connect to the official Ledger Live software. - Only a genuine Ledger HW can connect to Ledger servers and install official apps or firmware from the LL App Manager. If Betnomi modified their Ledger devices, you should notice that the things I mentioned above won't work.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
m2017
Legendary
Offline
Activity: 1988
Merit: 1401
Playbet.io - Crypto Casino and Sportsbook
|
|
August 13, 2023, 09:01:25 AM |
|
And in the future, this "improvement" of theirs will automatically send the contents of users wallets to wherever they want in ledger? Despite their recent history, they can still turn things around and advertise this upcoming Recover feature as something extraordinary and worth using for newbies. We will see how that goes. Going down the road that you proposed is sure death to Ledger and I don't think they are that stupid. The path that the ledger has chosen with all these recovery functions and storage of private keys (parts) with third-party companies, automatic ledger live app, release of devices that have not been fully tested and have physical flaws and defects, with leaks of their customers' data (still, they don't were able to prevent this) without any compensation can hardly be called reasonable. This company has too many actions that can only be called stupid (or maybe just negligence, greed and irresponsibility?). The question to all of your is, do you think that ledgers can be modified by them so they can acces and steal al your coins? Fake Ledger devices do exist, and we even had cases where individuals whose data got leaked had such devices shipped to them to their home addresses. But everything about those HWs was fake. If you opened them up, they had different hardware components compared to the examples Ledger has on its website. They also instructed the users to download and install fake Ledger Live software and not the official versions. Fake firmware was also part of the game. - A genuine Ledger HW looks as shown on the pictures above. - Only a genuine Ledger HW works and can connect to the official Ledger Live software. - Only a genuine Ledger HW can connect to Ledger servers and install official apps or firmware from the LL App Manager. If Betnomi modified their Ledger devices, you should notice that the things I mentioned above won't work. And I also dreamed of winning one of these devices in the raffle of betnomi As a memento. After their exit scam, this little thing became really memorable. For their former clients. In theory, it is possible that the HW devices sent by the betnomi may be modified. But in practice, they would hardly bother (although who knows). I think that the betnomi has already made good money with their exit scam that they don’t need to take extra actions with devices, and this would require bothering with modification (mind, of each hardware wallet). As far as I understand, there were not so many such devices (for raffles), which means that it was not so much possible to earn in such a fraudulent way (compared to an exit scam gambling platform). That is, the ratio of time / resource costs with possible profitability is incommensurable.
|
|
|
|
Volgastallion
Sr. Member
Offline
Activity: 630
Merit: 314
CONTEST ORGANIZER
|
|
August 13, 2023, 08:25:51 PM |
|
Thanks for your answer guys, i amde the question to maybe help he one who have the Betnomi Ledger in his hand and prevent them to being in high risk. But as far as i understand based on yours answers it can be "safe".
Yes i think in the same way, with the exit scam they surely make good money and this hardware wallets and others promotions they do were only a hook to gain the trust of the community.
|
|
|
|
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ████████▄▄████▄▄░▄ █████▄████▀▀▀▀█░███▄ ███▄███▀████████▀████▄ █░▄███████████████████▄ █░█████████████████████ █░█████████████████████ █░█████████████████████ █░▀███████████████▄▄▀▀ ███▀███▄████████▄███▀ █████▀████▄▄▄▄████▀ ████████▀▀████▀▀ █▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀BitList▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . REAL-TIME DATA TRACKING CURATED BY THE COMMUNITY . ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀List #kycfree Websites▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ |
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7539
Playgram - The Telegram Casino
|
|
August 14, 2023, 06:03:11 PM |
|
Yes i think in the same way, with the exit scam they surely make good money and this hardware wallets and others promotions they do were only a hook to gain the trust of the community. The thing is, Betnomi can't know how much crypto the winners of those hardware wallet have. Thus, it could prove unprofitable and a waste of time to acquire such devices with the hope that it might be worth it in the future. Regular people won't know how to modify such hardware wallets and make them malicious. So the only option for most fraudsters is to purchase such fake devices from someone that knows. It's an investment, regardless of how much it initially costs. It would be in a scammer's interest to target people they know own enough crypto with such modified HWs. Then it might be worth the invested money and time. But sending out blindly, not so much.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
RickDeckard (OP)
Legendary
Offline
Activity: 1148
Merit: 3118
|
|
August 15, 2023, 12:59:29 AM |
|
Did you maybe link to the wrong sources? Your sources [3] and [4] are exactly the same. Source [5] refers to the old and discontinued Ledger Blue.
I totally did, thank you for alerting me (I've edited my previous post). Regarding the linked [5] source, Ledger has placed within that folder recover's scripts (within the last month). I don't know why they particularly chose to place them in their discontinued product however.
|
|
|
|
|