04 August 2021
CD33: build your own hardware wallet for $50 with @seedsigner and @keithmukai
EPISODE: 0.3.3
BLOCK: 694094
PRICE: 2610 sats per dollar
TOPICS: build your own hardware wallet for $50
@seedsigner: https://twitter.com/seedsigner
@keithmukai: https://twitter.com/keithmukai
streamed live every tuesday:
https://citadeldispatch.com
twitch: https://twitch.tv/citadeldispatch
bitcointv: https://bitcointv.com/video-channels/citadeldispatch/videos
podcast: https://anchor.fm/citadeldispatch
telegram: https://t.me/citadeldispatch
support the show: https://tippin.me/@odell
stream sats to the show: https://www.fountain.fm/
join the chat: http://citadel.chat/
I'm Gary Gensler, and welcome back to Office Hours. What does the SEC have to do with crypto and why is the chair of the SEC talking about crypto? Now, technologies come along decade after decade, but those that have a chance to thrive, grow, come within public policy framework. To be clear, I think that the SEC should be technology neutral. But one thing we're not neutral on is investor protection. Our agency, the SEC, has had rules for decades to protect people when companies wanna raise money from them or when we, as investors, buy and sell securities on an exchange like the New York Stock Exchange. But you see crypto trading platforms, crypto lending platforms don't have the same level of investor protection that you've come to expect buying and selling stocks on a stock exchange or investing in a mutual fund or a 401(k). In the years since Bitcoin was started, literally thousands of other tokens have been launched.
Many of which traded on platforms may well be securities under our laws. That means if the platforms and certain of the tokens don't register with the SEC, they're noncompliant with the important federal protections in our laws. So I've asked staff, the SEC to use all of our authorities anywhere we can to uncover any wrongdoing. Authorities aren't enough. I've also recommended to Congress for them to consider filling those gaps with a goal of investor protection. To those currently or considering investing in crypto, please remember not only are they a highly speculative asset class, but there are also significant gaps in the investor protection afforded to you. I think that moving forward, promoting investor protection is not only good for you and for anyone who would consider investing in these assets. I think that it's the only real viable path forward for this nascent technology.
See, at the heart of finance is trust and trust rests on investor protection. And so that's what the SEC has to do with crypto investor protection.
[00:03:10] Unknown:
Happy Bitcoin Tuesday, freaks. It's your boy, Matt Odell, here for another Citadel Dispatch. The interactive live show about Bitcoin, distributed systems, privacy, and open source software. To the freaks joining us through our audio feeds, that was the SEC chair, Gary Gensler, quite cringe video, announcing his, it seems like a war on crypto. It seems like his focus isn't really on Bitcoin, so take it as you will. But, either way you look at it, he is he does seem to be going after at least the low hanging fruit shitcoins and the casinos that allow them to trade.
I wanna do a quick shout out to our ride or die freaks joining us in the live chat. I know this is a later dispatch than usual at 8 PM EST, midnight UTC. We're competing with prime time, East Coast Television, including, the the the Olympics that are going on right now. So I hope you find this conversation more interesting than those corporate filled NBC streams. I also wanna do a oh, of course, to join the live chat. I mean, my favorite way of doing it is through Twitch. We have people joining us on Twitch, Twitter, and YouTube. I think I might start phasing out YouTube. They did cut my stream, before the end last week, but we do have a lot of freaks that like using the YouTube stream, so I'm kinda battling with it. But, eventually, they'll probably ban us, and then you'll have no choice but to use Twitch or Twitter.
As always, the videos are posted to Bitcoin TV after we air. So all the archives are there, bitcointv.com, and they are posted to our podcast feed. If you just search Citadel Dispatch in your podcast app of choice. Huge shout out to all the freaks who support the show and keep it ad free. I will never add ads to this show. We will never have sponsors. I like how the incentives align, with the audience. I'm here for you. I feel like you guys are here for me, and that's what it's about. My favorite way of you freaks supporting the show is using Podcasting 2.0 platforms. If you go to newpodcastapps.com, you can download a podcast app that supports streaming sats, search Citadel Dispatch, load it up with sats, and then as you listen to the feed, it'll stream sats directly to my lightning node.
You can also contribute to the show, at citadeldispatch.com via PayNym. My PayNym is Odell. Very easy to remember. There's also, tippin.me there if you want to contribute via lightning in that fashion. So thank you, freaks, for supporting the show. That's what it's about. You also can support the show by getting merch. We have hats, magnets, and flasks available at citadeldispatch.com/stack. Also, big shout out to BTC pins, who's a ride or die freak and constantly joins us for these live shows. If you go to btcpins.com, he is currently selling free open source software pins, a collection of pins, that include pins from BTCPay, Zeus, Bisq, and RaspiBlitz, and very honored, it also includes a pin for Citadel Dispatch.
We do try and replicate the FOSS model here with the show, and it's quite an honor to be a part of that pin set. All proceeds go to OpenSats, to support, open source Bitcoin development. So it's a really great initiative. I'm very excited about it. I will be auctioning off, a pin set for for devs, at the BitBlockBoom Conference in Dallas later this month. So all that, very exciting. This is a very looking forward to this conversation. It's a conversation I've wanted to have for a while now. It's a project that's been on my radar. This is dispatch 33, and we will be focused on building your own Bitcoin hardware wallet with the SeedSigner team, 2 of the guys from the SeedSigner team.
We have SeedSigner himself, which is both his name and the name of the project. He's lead maintainer. How's it going, SeedSigner? It's going great. How are you? Welcome to the show. It's a pleasure to have you. I'm super excited to be here. And we have Keith, who is a contributor, a recent recently new contributor to the SeedSigner project. How's it going, Keith?
[00:07:50] Unknown:
Alright. Thanks for having us.
[00:07:52] Unknown:
Yeah. Let's go. Happy Bitcoin Tuesday, guys.
[00:07:57] Unknown:
Amen.
[00:08:00] Unknown:
So we are here to talk about building your own hardware wallet. I know on your website, you say you could build this hardware wallet for $50. I I have a picture of what the finished product looks like for the people on the video stream. It looks something like this if you if you opt for a 3D printed case to put around the enclosure.
[00:08:23] Unknown:
Right. But as Keith demonstrated, it's you you can absolutely use without one too.
[00:08:28] Unknown:
Yeah. But a lot of people are into into printing, so it's it's a great option. And then these are the parts. So I guess you could use it like bare board, right, where if you just connect all the parts together?
[00:08:39] Unknown:
Yep. And we have a a new enclosure that I don't think it's in the repo yet, but it's gonna be in its, the the enclosure you just showed was a little bit more complex with multiple parts, and there's a a simplified one that's actually just one printed part, leaves the top kind of the top portion of the screen exposed and the button exposed, but it's it's kinda optimized for fast and simple, deployment if you just wanna put something together quickly.
[00:09:06] Unknown:
That sounds fantastic. So, I mean, let's just dive right in here. What what was your inspiration for the project? What was what's the project's goals? You know, why are we here to begin with?
[00:09:20] Unknown:
The goals for the projects, I would say, are to reduce the cost and complexity of multisig. And the origins of the project come from, kinda like chat conversations I have with, a security researcher named Michael Flaxman. I think you may have had him on the show before. And, interacting with some of the guys with Specter Desktop, and they have a a similar kind of project called Specter DIY, which is, to back out for a second. There's still kinda some the nomenclature is still being developed for this kind of signing model where, kind of the the wallet and the signing mechanism are separated. So with, like, a traditional wallet, like, if you think of, let's just say, Trezor or, a Ledger.
So your private key is being stored on the device and kind of the wallet functionality is such that you dial in through the device or the device interacts with a portal that's maintained kinda by the service provider. And we are kind of we we break that kinda traditional wallet into multiple pieces to where we you have 3 parts. 1 is the wallet coordinator that is like Specter Desktop or Sparrow or BlueWallet Vaults, and that manages all the interaction with the protocol and publishes transactions, scans the blockchain for, you know, incoming transactions, maintain your your balance, that kind of stuff. And then there's 2 other components, which you might call, the signing device and then key storage.
Key storage is just whatever you choose it to be. It could be as simple as a piece of paper. So, obviously, most people, you know, prefer to put their key in the in the metal so that, if something happens to their paper, they have a more durable backup. But then the signing device is kinda like the bridge between your key storage and the the wallet coordinator or the multisig coordinator. And what the signing device does is you input your private key, which is represented by your seed phrase, into the signing device. And the signing device basically proves to the wallet software that it knows the key without ever actually, without ever actually transferring the key to the wallet software. So the the model is it's an air gapped, transaction that's moved between the multisig coordinator and the signing device. I don't wanna get too much in a nuance here, but some devices do this with like, Coldcard does it with a micro SD card where you have something called a partially signed Bitcoin transaction that is moved back and forth between the coordinator and the signing device, with a micro SD card, but we use, like, it's called optical air gap signing. So it's just QR codes
[00:12:18] Unknown:
that move that same partially signed transaction back and forth from the signer to where this go ahead. You have you have a micro SD card slot on the device. That is just for flashing the firmware. It's not actually
[00:12:31] Unknown:
used for PSBTs. Right now, that's just used for flashing the firmware. I say right now because we're hoping, we have also another contributor working on a custom operating system that would give us a few additional features, one of which is additional, additional assurance for the users so that they could boot SeedSigner up. All of the operating system and everything you need gets loaded into memory, and then you can actually remove the micro SD card before you input your private key. So that's an additional kind of reassurance
[00:13:05] Unknown:
that your private key is not making it anywhere onto the micro SD card. Micro SD is gonna go back into an online device for their firmware upgrade or something like that.
[00:13:15] Unknown:
Yeah. It it could. Yeah. But, also, the advantage of that system is if we can pull the micro SD that the operating system was loaded from out, then we could actually if some people prefer to do, moving the PSBTs back and forth with the micro SD card, that would allow us to add that feature to which, some people prefer.
[00:13:35] Unknown:
Great. So, I mean, I'm gonna call you seed for the rest of the show. So seed, I mean, don't feel the this the dispatch is all about going deep. So Okay. We can we I expect us to go deep here. That's what it's about. The freaks have already listened, to Craig Raw from Sparrow multiple times on the show, so they're familiar with Sparrow. They're very familiar with Specter. They're familiar with the ideas around multisig. So the so the idea here is is is you have a multisig wallet. Right? And you have the coordinator, software on a computer that is connected to the Internet or in the case, BlueWallet on the phone. Right. And then you have these multiple signing devices, which historically we've called hardware wallets. I understand in the industry, we're trying to move to signing devices, but, you know, names do stick.
The so when you're doing that, you you're usually the 2 main methods is you have a 3 of 5 or a 2 of 3. And, basically, what you're deciding is, what devices are gonna make up, that that threshold of keys for you. And, you know, some people use Coldcards, some people use Cobo Vault, some people use, Trezors or Ledgers. I don't think Ledger works really well with multisig. But, they they use all these different devices, and they basically and then they also have a seed backup.
[00:15:06] Unknown:
Right. And
[00:15:09] Unknown:
SeedSigner fits in as one of those signing devices in this multisig threshold.
[00:15:15] Unknown:
1 or more of those signing devices. Right. Obviously, you know, the the belt and suspenders best security model is to mix vendors and mix hardware platforms. So that if there's a vulnerability you're not aware of in one of those platforms, only one of your keys is compromised. But, you know, with security, there's always trade offs. So, a lot of people find their way to our project because they're curious to experiment with multisig and just kinda try it out and get started. But they don't wanna spend, you know, 2, 3, $400 on wallets. So the cool thing about SeedSigner is it can operate as any or every cosigner in in multisig because it's it's, what's called a stateless device. So when you input your seed phrase, it only stays active in the device while the device is powered. It's just basically a variable in memory in the program. It's not written to the micro SD card, such that when you power the device off, your seed is not retained on there so you can,
[00:16:14] Unknown:
it's kind of a dumb device, I guess we'd say. Right. So you can, if you're testing out, you can put multiple seeds in there. Ultimately, the seed is the the the the the seed is is is your interact was is the main way a person interacts with the private keys. Yeah. Exactly. You're entering the seed every time you use the device, and that that means that a lot of these more expensive devices incorporate secure elements. They're trying to secure the secret on the device. But because you're using off the shelf hardware and you're not, you you don't have a secure element in the device, you're not trying to necessarily protect the secret on the device because when it powers off, it should theoretically wipe any of the secrets from it. I wouldn't say it it wiped. The secrets are just in memory on the device, and when you unplug it,
[00:17:05] Unknown:
memory goes away. So yeah. It it what what I would also point out is, so when you set up a Coldcard or or Trezor or anything like that, the first thing that they have you do is write down, you know, your 24 word backup Right. Or 12 words or whatever you're doing. So you already have with with traditional hardware wallets, you already have this need to safeguard your seed phrase. And then, like I said, with security, it's trade offs. So they they're storing your seed on the device as well behind, like you said, a secure element. And then you have usually kinda like a shortcut, like a pin phrase or maybe a fingerprint or something like that that allows you to quickly and more conveniently have access to your private key.
So our thing is more aimed at people who are, saving or hodling Bitcoin for the long term, who are gonna do less frequent spends. But, anyhow, I I just wanna point out, you're always gonna have to safeguard that private key. So if you're more of a saver and a less frequent spender, you know, it's to spend with our device, you have to access your private key, but it's the only thing after protection. And we can we can dive into the specifics of that, a little bit further into the show. I feel like we kinda got ahead of ourselves. We did. So before so,
[00:18:27] Unknown:
you know, the freaks are very familiar with Specter DIY, which is a similar concept. Use off the shelf parts, to make a signing device. I think you were I may be involved with, like, creating a case for it or creating builds a build for it, like, to to sell it. And Right. Correct me if I'm wrong, kind of the inspiration for this was was that that build altogether comes in a little bit under 200, and this is significantly cheaper. Is that was that part of the inspiration of the project?
[00:18:58] Unknown:
Yeah. It was, like, I I can't emphasize enough how much it was Specter that kinda led me to it. I, before, you you know, I was always looking to get into multisig, and I come to Bitcoin kind of from a unique background that we can get more into. But, when I was looking for a long term kind of security setup for storing Bitcoin, I wanted to get into multisig, and it it was taking a long time for some of the different coordinators to get online. And I happen to listen to this podcast that Flaxman did with Stephan Livera and heard kind of some of his tips, and that was the first place I'd heard of Specter. I hadn't heard of Specter before that. So I download Specter. I start looking at software.
I find in the repo, they have this DIY or do it yourself wallet. I have a little bit of a background in hardware, so it didn't seem like a difficult thing to build. And prior to that, I had been using actually, this is probably horrible, but I was using a website called bitaddress.org, which I think is still out there. I think that's what I used right in the beginning when I first Right. Created Bitcoin. And I had used they have a setup to where I think you use Shamir's secret sharing and you can split up a private key among, like, different pieces and you that way you can kinda replicate a multisig setup, but it's not true on the protocol. So I had kind of a simple thing where I had, the you know, I I just I I wasn't totally satisfied with it. I wanted to, like, have more confidence in my security setup. So I was kinda, like, looking for something when I heard that podcast, started playing around with with Specter, found the DIY, put it together.
And the first time I used Specter with the kinda air gapped QR signing I described before where you scan QR's in and then you kinda, like, approve the transaction and scan it back into your laptop, like, that for me was the light bulb moment that was almost equivalent to my first Bitcoin transaction, my first lightning transaction. It was just like, this is like, this makes sense to me. This is the way that I wanna do it. And so like you mentioned, I think Flaxman again had a tweet where he was like, I love this wallet but somebody needs to build a case for it. Well, my background, like, one of the things I tinker with is 3D printing and 3D design.
So I just kinda started iterating with the hardware and trying to find the best way to fit it into an enclosure. And I made one and I was, like, proud of it, and I started interacting with Stepan from, Specter and I sent, I sent Flaxman one and I sent Stepan one, and, I I started selling them in, like, a small square store. And as I started interacting with Flaxman more, he was describing to me, a, device he'd kinda thought of where you use a very specific version of Raspberry Pi. And it it's a Raspberry Pi Zero, which if people aren't familiar, that's a smaller version of the Raspberry Pi that's smaller than the kind that people typically use in nodes. It's just a smaller form factor. And there's a very specific version of the Raspberry Pi Zero. It's a version 1.3, and it is built without Bluetooth and without Wi-Fi. So it's kind of this naturally inexpensive air gap kind of system.
And he talked about attaching a little screen and controls to that, Raspberry Pi Zero so that you could enter, like, the first 23 words of your seed phrase and then kind of in a a secure way, totally offline, be able to calculate the checksum word and come up with a full, a full seed in a pretty secure independent way. And so I ordered some hardware pieces. I have a little bit of a background in technology. So I, I started playing around with that and was able to implement kind of the, the thing he was talking about where you kinda enter the words and it it calculates your 24th word. That's great, but I still love the Specter DIY, and I got to thinking, like, if I attach, like, an inexpensive camera to this thing, can I replicate that core signing functionality that the Specter DIY does?
I I kinda joke that what I contributed to the SeedSigner project is being a cheapskate because I wanted to see kinda how how low could we drive down the cost to build something that maybe doesn't have all the features of a DIY, but is like a basic signing device that's that's pretty darn secure and that people can build cheaply themselves from, you know, things that they can buy in various places on the Internet. So that's, that's, I think, an answer to your question. And I mean, specifically, I mean, we're gonna
[00:23:31] Unknown:
go further into the trade offs here. But, I mean, specifically compared to, like, these professional hardware wallets or hardware signing devices, whatever you wanna call them, the fact that you can build this off of off the shelf parts makes it more resistant, to government action. I mean, if you could foresee a situation where in certain parts of the world, it might be hard to get, a purpose built Bitcoin device, while it's still easy to get RASPIs.
[00:23:59] Unknown:
Right. And the other concern for people like, I had a a gentleman contact me from an an unspecified country in the Middle East, and I think they can actually get hardware wallets there, but they're not through official distributor channels. They're all kind of third party. So there's a high degree of uncertainty as to whether or not the hardware has been tampered with. But like you're saying, yeah. So if you live in some place where it's outright banned or you just don't want people to know that you're interacting with the Bitcoin protocol or that you're saving or storing Bitcoin, like, you can order these seemingly innocuous pieces and and,
[00:24:34] Unknown:
like, kinda secretly build your own thing. Right. I mean, you have, like, the the Ledger hack is a perfect example where there's basically a list that got leaked of of people that are interested in Bitcoin or at least shitcoins. Right. And in in this case, that wouldn't happen. So, I mean, let's dive into this. You you have the Raspberry Pi Zero. You know, I checked Amazon. They're they're pricing that at $20. Then you have a Waveshare LCD that's priced at around $17. You have the camera module, which is 14, and then you have a micro SD, at least 4 gig micro SD, which is basically shipping cost. I mean, that's they're pricing that at, like, $8. And then Right. You have an optional case if you wanna if you have a 3D printer, you can print the case yourself. Yep.
So, I mean, you are kinda pushing it a little bit. Right? Like, really, the cost comes into, like, mid fifties.
[00:25:29] Unknown:
It's it's probably closer around 50. The so if we go to, shout out to Adafruit, adafruit.com, if you're in America. You can get a Pi mailed to you through standard mail for less than $10.
[00:25:47] Unknown:
Oh, wow. So it's,
[00:25:50] Unknown:
it's cheaper there, and there are other outlets too where you can find them. Like, we have a where I live, we have a Micro Center, and you can actually walk in with cash and buy one for $5 there. That's awesome. But it's just 1. But the the kind of the barrier with those is they don't come with the pins presoldered on them. The larger Raspberry Pis have the the pins preinstalled, but the smaller ones for whatever reason they don't tend to, install them when you get them from the manufacturer. So you're either gonna have to buy one with the pins preinstalled or, you know, if it's soldering may seem kinda, like, overwhelming to some people, but it's not as crazy as you think.
And I've had a lot of people that have contacted me privately and say, like, I'm gonna try this and they watch a few YouTube videos and they're able to pull it off and it works fine. But I I'll also mention, shameless plug that, I sell the presoldered Raspberry Pis for $15 through the Square shop that I operate. So, if you're okay with, you know, buying it not yourself at, you know, a brick and mortar retailer or something, you're okay ordering it. I sell them for 15 with the pins attached, so that's kind of a way for people to get in the door there.
[00:27:00] Unknown:
Awesome. So we have the parts. What I'm just curious. What does the Specter DIY use as their baseboard?
[00:27:10] Unknown:
They use, I believe you'd call it, like, a development board. So it's it's more geared towards, people who are experimenting with different hardware platforms and their form factor is much like a mobile phone, and it has a lot of the same, kind of hardware features of a mobile phone. But they're, the the, it's called a disco board. I I can't remember the model number, but I think they retail for, like, $62 is probably a good price for those at least. Yeah. The best one that I found. The core processor is, STM32.
[00:27:45] Unknown:
And the screen, I think it's basically like an iPhone
[00:27:51] Unknown:
4. It's a full touchscreen. Right?
[00:27:54] Unknown:
Yeah.
[00:27:55] Unknown:
While the SeedSigner uses kind of like a joystick.
[00:28:00] Unknown:
Yeah. Yeah. So it's, for us, like, your what I I like to kinda think of it as SeedSigner's maybe closer to entry level, though I think it's getting better and better. But Specter DIY is kinda like mid grade and then Specter Shield that they have with their proprietary, add on board. I kinda call that, like, the premier kinda top tier. So for us, yeah, you don't get that big touchscreen that you're gonna be able to, at least at this point, type letters into. But we've come up with some pretty creative ways to to use the joystick. Keith can talk more about that, absolutely, and, more creative ways to get the seed into the device that that Keith came up with.
[00:28:43] Unknown:
Yeah. I mean, the cool part about multisig, right, is that you can use all these devices together in your quorum. And in general, when we're talking about multisig, you know, the more options, the better. We don't want everyone using the same exact setup. Keith, so you wanna talk about, I I think I know where this is going. I I guess, yeah. Let let's let's talk about that. So let's let's talk about so you have this you have this seed. You have these words. Personally, I think, you should keep those in steel. I don't know if you guys disagree with me on that. Totally agree. Because it's fire and water resistant, and, obviously, EMPs or or whatever things that can destroy an electronic device cannot destroy steel.
If anything, the biggest negative of storing your seeds in steel is it's really hard to, destroy them if you wanna destroy them, which is the benefit. So you're entering the seed every single time you use the device. And, Keith, you came up with a pretty novel way of making that not a pain in the ass. You wanna talk about that?
[00:29:57] Unknown:
Yeah. So well, first of all, when I saw Steve give his demo in the Phosstome in, in Miami, you know, I was just like I was blown away. Right? I I I wanted to make sure I caught his presentation because we had interacted a bit on on Twitter beforehand. But I noticed that while he was demoing, you know, you so you have to enter your seed, and he's got, like, you know, a 20 minute slot or if even that in in the phosstome. And so he's just hitting abandon, abandon, abandon, abandon. Right? The very first, BIP 39 mnemonic seed word. And so that's his, like, quote, you know, high entropy, private key that he's, you know, configuring, just for the purpose of the demo. Right? Just to get it in there so he's got a SeedSigner that can do its thing.
And so I get home from Miami. I get the parts. I assemble my SeedSigner. I'm so excited. And then, someone says I'm really quiet. Let me see. I raised your volume on my side for what it's worth. Okay. Alright. Yeah. Well, hit me up in the chat if it's still quiet. And so yes. I've got my assembled SeedSigner, and I, you know, generate a a a fake key that I can, you know, toss away. And I start entering my 24 words. I'm like, oh my god. This is, you know, it's like 5 minutes, right, to type in a full 24, word seed. And so I think the first thing I did was just changing the input UI. So it was using, like, a vertical, like, cylinder, basically. We you know, you'd scroll through the alphabet, letter by letter. And then as you enter each individual letter, it can start eliminating letters, you know, as as like the the matches against the word list, narrow down.
But it still takes too long. So then I was able to build a keyboard UI where you can use the joystick to move across a virtual keyboard, click the joystick to select your letters. It's a little bit quicker. And then the the next thing was, okay, I've got it down to, like, I don't know. I can do this in 2 minutes now with this keyboard UI, but it's still too long. And, you know, I'm just thinking about my own, like, I'm a lazy jerk. Right? And if I know that, oh my god, you know, I should get my coins off of the exchange. But, crap. I gotta, you know, type in all these damn words on this damn thing.
If it's too hard, I'm just not gonna do Right? That's like the bane of security. You put up too many barriers, and then you just start taking bad lazy shortcuts. So the the seed word list is 2,048, you know, specifically defined words. And when you're entering your seed, they're basically just being interpreted as the index number that they appear on the list. So the very first word in the list is abandon. Abandon equals 0. And then whatever the second word is, that equals 1. Because, you know, we're computer science. We we zero index our our counts. So your 24 words are really just 24 numbers that are at most 4 digits each.
So, you know, at first, like, okay. Well, we could just enter them by digit. That that'd be a little bit quicker, but not really great for, like, as a human UI. Like, you know, if I write down the wrong number, now I've just screwed up everything, and I've, you know, lost access to my funds. But then because the SeedSigner already has a camera on board, and it's built to read QR codes, I was like, okay. We have 24 4-digit numbers. How big is a QR code that would store that? And it turns out you can fit it in a, what is it, 29 by 29, SploC QR code.
And so on on a weekend, I was like, okay. This might be just the dumbest idea ever, but I'm gonna render my 24 words as a QR code, 29 by 29, put it up on the screen. I'm just gonna print out a grid, and I'm gonna see if I can just manually manually transcribe this thing. And, you know, at first, like With a Sharpie. Like, you put it. Right. Right. You fill in the squares with a Sharpie. Yeah. So the first version, though, like, it was just so primitive. It was just showing the entire QR on this tiny, like, 1.3 inch screen. And, you know, I'm trying to, like, look at, like, the individual blocks, how they line up.
And I was able to transcribe it and and scan it back and show that it worked, but, like, I was blind afterwards. You know, my eyes were so sore because I was squinting at this tiny screen, these tiny little pixels. And then so I spent a little more time, and I was like, okay. Can I zoom into the QR code, and can I show it to you, like, a 5 by 5 chunk at a time and let you, you know, pan through the entire QR, you know, 5 by 5 steps at a time? And when I got that working, I mean, that was just a a heavy lift of just, you know, UI stuff working in, in in the SeedSigner hardware. But once I got it working, it was so easy to transcribe these QR codes. And then I made a matching template that had those 5 by 5 grid lines. And, you know, everyone had the same suggestion. They're like, this should be Battleship. You should be filling in square, you know, D5.
And so, you know, one axis is letters, the other axis is numbers. The SeedSigner, when it's zoomed in, it shows you the 5 by 5 grid that you're zoomed in on. It shows you the number. It shows you the letter, that identifies that spot. And, yeah, and then the Sharpie. And, you know, so now people are, like, going crazy just seeing how sloppy they can be, how quickly they can do it. And, like, QR codes are so resilient. Somebody just posted in the Telegram group, like, 5 minutes before the stream started, that I I think they said, like, their mom or their grandma is stitching a QR code. So they posted the photo of the, like, stitch you know, the the the lattice work of the, that they're gonna be stitching into. And they had already stitched the the 3, big concentric blocks in in the 3, corners of the QR code. So they've got, like, the basic template, and now they just need to, like, actually go, spot by spot, and and stitch it in. It looks so funny. It it's just so cool.
[00:36:43] Unknown:
And the reason, to the freaks that are wondering, like, why did Keith go through this trouble instead of just printing the QR code filled out is because then your secret your private keys are on a computer and are stored in memory. A lot of these printers store it in memory, so you you don't you wanna avoid that step. That's why, you know, common practice is to to write it down on a piece of paper or put it into steel rather than, putting it into a computer. That's the whole that's the whole goal of SeedSigner in the first place is that your online device doesn't ever have this secret.
[00:37:18] Unknown:
Yeah. And and after after Bitcoin 2021, like, what like, how how Jack Mallers has changed the world, was just so inspiring. And so everything it it it just changed the way that I view Bitcoin and this project in particular, which is like, hey. What if there are people that don't have printers? Like, forget the security issues. Right? They don't they don't have, like, you know, the the easy access to to tech and money that we have. So how would they be able to use this? Like, can someone in El Salvador who's making $300 a month buy a Coldcard for $100 and, you know, $14, $20, whatever it is. Like, it'd be amazing if they can. The Coldcard is a phenomenal hardware wallet, but it becomes a really high barrier to entry when the price is creeping up to $100 or $100 plus or the $300, Foundation Devices thing.
[00:38:16] Unknown:
So flow is the flow is, when it when it comes time to to sign a transaction, you power on your SeedSigner, you plug it into power, through micro USB. Right? And then you scan the QR code that you have. And I guess the QR code is, like, your your easy access to the seed, but then you also have a separate seed backup. Right?
[00:38:47] Unknown:
Yeah. Like, I I'm I'm totally on board with steel. I I just got a a Blockmit jig to to pound, my seed words into, steel washers. Yeah. And and those are gonna be, you know, the, like, survive a fire, survive an earthquake, backups.
[00:39:05] Unknown:
Right. And then you have your QR code for for easy input every time you use the device.
[00:39:10] Unknown:
Yeah. Yeah. Exactly. And, you you know, I I getting a little ahead of us of ourselves, but I I'm even imagining, you know, like like a collaborative custody company. You know, you've got Casa, Unchained. They hold one key, at least, for all their customers. I mean, do they have, like, a Coldcard or a Ledger or a Trezor sitting in a drawer for each customer. You know, imagine if they just had, like, secured QR code sheets for each customer. And when they need to help cosign on a transaction, they just unlock their customer secure sheet, scan it scan it with a SeedSigner, sign the transaction, and then, you know, lock up their sheet again.
So it you know, it like, this QR based seed entry model can work for the poorest of people. But then also these, like, collaborative custody companies that, you know, could be making millions and billions of dollars.
[00:40:15] Unknown:
Yeah. I mean, anyone who's entered a seed into any of these devices, can see the value in it pretty quickly. So, I mean, another big issue with these devices is how to generate a secure, seed in the first place. You you need proper randomness, in order to have a seed that can't be brute forced. And we've seen in the past different services that offer to generate your private keys or or different tools that offer to generate your private keys, and they don't have sufficient random to have some kind of broken randomness. And as a result, the seeds aren't secure in the first place when they're originally generated.
[00:40:59] Unknown:
Have there been any documented cases that I I'm just curious, like If I remember correctly, blockchain.info
[00:41:06] Unknown:
is using random.org for their entropy, and and and there was, like, a 404 error when a bunch of people their address. Oh, god. Generated their seeds, so they didn't have actually any entropy whatsoever.
[00:41:21] Unknown:
Right.
[00:41:22] Unknown:
And those all got swept. But the big fear is, like, if you use a, most computers have, like, random number generators, but, you know, one of the big conspiracy theories is that those random number generators are compromised, like, by Intel and stuff. Right. Either Intel or see, like like, bitaddress, like, makes you, like, shake your mouse or something to add entropy.
[00:41:49] Unknown:
That's also for some of the hardware wallets, like, they'll they'll call that a retirement attack where somebody, you know, has inserted some sort of predictable, quote, entropy into a hardware device and then in an undetermined amount of years when they're ready to go, they, they can sweep some things.
[00:42:08] Unknown:
So, historically, one of the ways to get around that was dice rolls, and I guess that's what you guys used originally. But I saw you have a new method for entropy.
[00:42:18] Unknown:
Yeah. That's all Keith's. You wanna talk about that, Keith? Yeah. So and and, you know, let me be clear. I'm I'm not a cryptographer. So, you know, if if, any of the freaks out there who know way more about this than I do, if this is a terrible idea, please, please let us know. You know, I I consider all of this experimental until it's vetted by the community. But it's pretty simple. SeedSigner has a camera on board. What if we just took a photo with that camera? It's 720 by 480 pixels times 3 color channels, RGB. That's a lot of data.
Each pixel each of those channels is, you know, ranging from 0 to 255. Take a picture, hash it with SHA-256, run that as your entropy, and what comes out? A 24 word seed. And because, we get because of SHA-256, if a single pixel value is changed by a single integer, you know, red 248 is changed to red 249, but the entire rest of the image is identical. That should generate a completely different seed, once you run it through SHA-256. And, you know, some people have tried to poke holes in this. And again, I invite that 1000%. You know, what if there's, the sensor noise is this? What if there's smoothing applied to that? What if there's a, like a a grid pattern that's, you know, invisible to the naked eye, but inherent to the sensors themselves? You know, what if there's more structure there than, than you think there is?
And I, you know, I I I just keep doing these thought experiments. Like, okay, let's say every other pixel is pure black. There's just no data there. And let's cut it down from RGB down to just down to just monochrome. I it it's still there's just so many pixels going into the hashing function that, you know, for for my layman's understanding of hashing, I just I don't see how there's a problem. But So
[00:44:39] Unknown:
so my monkey brain goes to well, first of all, so OpenDimes use a similar setup for entropy. They tell you to drag a random file in to the OpenDime at at creation, to generate the private key. But what they do is they also use entropy from the device, so they combine the 2. So where my monkey brain goes is it'd be kinda cool if you can combine the entropy from the photo with entropy from the dice if you want to. Like, have have that as an option could could be a nice little paranoid extra step.
[00:45:22] Unknown:
Yeah. Or even accumulate over a series of photos.
[00:45:26] Unknown:
Exactly. Yeah. I like that idea.
[00:45:30] Unknown:
But yeah. And and assuming this idea holds, like, I it just really tickles me. Like, you know, if if I wanted to set up a a Bitcoin fund for my nieces, I would take my SeedSigner over to their house, use it to take a picture of my nieces. You know? And so their faces would be the entropy for their mnemonic phrase for their, you know, seed that I'm gonna help fund their their, you know, college or whatever money, in the future. Like, I just think it's so cool that you can attach, like, sentimental representation to the creation of a new seed.
[00:46:11] Unknown:
Yeah. I like that idea a lot. I really like the several photos. That's a that's a cool idea. Yeah. That that's so so I think we've nailed all the basics here. I mean, that's awesome. I mean so so that's currently in beta right now. Right? Like, is that is that in the in the proper, release?
[00:46:37] Unknown:
No. That's in that's in, the most recent build that's out there. I was also gonna ask, do you have the ability to show, like, a YouTube video up in the stream? I didn't know that.
[00:46:50] Unknown:
I could. Yeah. If you send me the link in the private.
[00:46:53] Unknown:
So it's yeah. I can do that. It's, we have kinda like we can just run in the background, like, a 10 minute demo or something that kinda shows an overview of the process of, like, setting up a wallet and stuff, it'd probably be helpful for people who aren't familiar with, you know, just the air gap signing thing.
[00:47:14] Unknown:
So I have a I mean, before we get yeah. So send me that link, and I'll Yeah. Get it ready. But, before we get there so trade offs and threat models, we have a stateless device, off the shelf parts, no secure element. It's gonna primarily be used in a multisig quorum. Do you think anyone should be using this in a single sig setup?
[00:47:42] Unknown:
I I actually don't see any huge issues with it. If if you're obviously, part of the trade off with with trying to find the right security setup is how much value are you protecting and, you know, what kind of barriers are you putting in place to protect that value. So if you're protecting, you know, like, this is your HODL stash, this is what you're saving to pass on to your kids or deep into the future or whatever like that. I I have a strong feeling, that you should be in multisig. Some people think we're still early for that, but I I think the tools are there and it's accessible to enough people that, like, I wanna get more people in the multisig. That said, like, for you can kinda think of it savings versus checking. You have, like, a checking account where you're gonna be maybe buying things with Bitcoin or or, don't know, maybe you're an active trader and you're moving things between exchanges or whatever and into a personal wallet kind of in the interim, I think, a SeedSigner is perfectly fine in a single sig environment for that. We that was another feature we added on our 2 or 3 versions ago, so it's not just for multisig, but we do have a, a single sig mode and settings that you can use.
[00:48:49] Unknown:
My biggest concern, from a single sig point of view is the evil maid attack. So, like, we're entering we're scan we're entering our our secret into this device every time we use it, whether that's by QR code or entering 24 words.
[00:49:08] Unknown:
Mhmm.
[00:49:10] Unknown:
And so the evil maid attack is this idea where someone replaces an evil maid that you have cleaning your house, replaces your your hardware device, with a compromised device that doesn't, that that has Wi-Fi or Bluetooth enabled on it, and it transmits that secret, to the evil maid. And in a multisig setup, that threat is alleviated because you need a threshold of secrets. You it's not just one secret. Sure. But in a single sig, right, a single sig, all of a sudden, that becomes a threat. So you have to keep your device regardless, you should be keeping your devices physically secure. Right? You don't want people to easily see them or get access to them and swap them out. Right? Right. Right. Right.
[00:50:03] Unknown:
Yeah. And I like, that's definitely a legit attack vector, and that's why I say, like, obviously, this isn't your whole stash. If you're using a single sig, it's more of like a a convenience kinda like money you'd carry in your wallet kinda thing. But, yeah, I I totally get what you're saying. One of the other things I'd point out with SeedSigner is if you have concerns about, that the memory card's been tampered with or whatever, like, that is something that you can remove and wipe between uses or just remove and keep in a more secure place between uses, to mitigate, like, you know, somebody having tampered with the, the data on the memory card.
[00:50:48] Unknown:
That makes sense to me. I'm currently setting up this video. Keith, do you have anything to add here?
[00:50:53] Unknown:
I was just gonna say that, you know, if anyone's going to be using SeedSigner, either for single sig or multisig, you know, you should just you should always validate SeedSigner with a different device. So this is what I did in the the early days of Specter Desktop. I wanted to start using it for my multisig, and I basically created the exact same multisig in Specter Desktop and in Electrum, verified that the addresses that were generated were identical in each, was able to sign transactions in both of them. So I was very confident that Specter wasn't doing anything, you know, weird or nonstandard. So that even if the project crashed and burned and disappeared off the face of the planet, I wouldn't you know, my Bitcoin wouldn't be stranded with that lost project.
And there's so much standardization now that, like, it I I just feel like the the risks are getting less and less. That if if it works in SeedSigner talking to Specter, talking to Sparrow, talking to BlueWallet, then, you know, any other wallet that can talk to them is gonna work too. And if it if there's a bug in SeedSigner, you're gonna find out pretty quickly. You know, early on in Specter Desktop, I was messaging with Stefan, and this is back in, like, late 2019. And, you know, and he's he was really good about telling people, like, it's experimental. Don't use it for real value. Don't use it for real value. And I messaged him. I'm like, yo, man. So, I'm actually using it for real value. And he's like he's like, yeah. I am too, but I'm not telling people that.
[00:52:40] Unknown:
That's funny because I actually had that exact, like, DM conversation with him, like, early on. Like, so if you were gonna use this to secure your personal funds, and, he must have, like, progressed to the point where he was more comfortable with it because he he was like, no. I I think we're I think we're at that point.
[00:52:59] Unknown:
And and so we're we're using PSBTs here, partially signed Bitcoin transactions. Yeah. Yeah. Yeah. Yeah. Does this video does this video show us using PSBTs?
[00:53:08] Unknown:
Yeah. It's gonna it it actually goes through the whole process where you actually set up the wallet in Specter from scratch. So you're gonna be inputting those, like Keith was talking about, the really simple repetitive seeds, and then you're gonna input the XPUBs into Specter via QRs, and then I go through and sign a transaction. So it gives you gives you kind of the full
[00:53:29] Unknown:
gamut of of what the QR exchange process looks like. Cool. And, Freaks, feel free to put questions in the live chat, and we will get to them. Okay. I'm gonna play this video. Cool.
[00:53:45] Unknown:
And we can talk during this. I I, it's probably painful in the beginning because it's repetitive that we're setting up. Are you doing abandon? Are you gonna about to do abandon, 24 times
[00:53:56] Unknown:
or 23 times?
[00:53:57] Unknown:
You can actually do I didn't do it in this video, but you can do bacon 24 times, and it's the the proper, checksum word.
[00:54:06] Unknown:
Bacon's its own checksum of 23? Yeah. Bacon times 24 is a valid seed. So the freaks that are wondering what we're talking about here, the it's actually you you have 23 words, and then the 24th word is just checking to make sure that those previous 23 words are, valid. It's, it's called a checksum.
[00:54:28] Unknown:
And I don't know who I don't know if it was Jimmy Song or somebody, but they actually, like, did the, calculations and figure out there's there's probably a few dozen words that are their own checksum, so you can enter them times 24 and and they work. So,
[00:54:42] Unknown:
like So right now, this process is obsolete
[00:54:46] Unknown:
Right. Because you can just scan the QR code that you can And even the input method is obsolete. Like, what you're seeing on here is, like, I've just entered a seed. It was a 12 word seed, and it gave me the opportunity to review it. So for the purposes of the demo, I'm just going through and storing 3 seeds so that I can just use them. We probably didn't mention that before, but SeedSigner will currently store up to 3 seeds temporarily in memory while the device has power just in case you're setting up a multisig or you wanna sign with the multiple keys using that same device. But what you're seeing right now is kind of the old interface where Keith was talking about the the scroll wheel where you, enter the letters. And it's not a proper demo, the scroll wheel, because we're just doing repetitive words. But,
[00:55:32] Unknown:
But now we have a joystick.
[00:55:35] Unknown:
Right. Now there's, this was like an earlier, I guess, hardware version. And we're using Specter in this Specter Desktop in this demo.
[00:55:44] Unknown:
We have 2 questions that I just saw come in here. Yeah. Yeah. The first one is, do you guys trust safe deposit boxes, multisig keys? I don't trust safe deposit boxes. They can be drilled into. You might not have access to them. But for multisig, if it's one key, if it's not, like, part of if if it's not the full quorum of keys, then worst comes to worst. You, you know, you lose access to a single key or someone takes a single key, gets access to a single key. It's not the end of the world. But I definitely went in with single sig.
[00:56:22] Unknown:
Yeah. Yeah.
[00:56:25] Unknown:
And then someone asked, with the photo entropy, couldn't someone find the photo?
[00:56:31] Unknown:
Yeah. That's that's a key question. So the photo is never stored on the device. And even if it was, as soon as you you turn the power off, the the device is blanked. And then the the the part that I really like is the photo's aspect ratio is wide. It's 720 by 480. But we only show you the center crop, the center 480 by 480, and then we we scale it down to fit on the screen. So there's image information that you never see. So you can take a photo of the SeedSigner displaying your image that you're going to use as the entropy for your new seed. You could tweet it out to the world. I I I have some demos of this. I know. I saw you tweeted it out. Yeah. Yeah. My dog.
[00:57:22] Unknown:
So she's you know, her face is is my new, seed, at least. By the way, that's how I knew I liked you. You know, the the 2 the 2 automatic or, like, pretty good, denominators that I'll like a person is if they're a Bitcoiner and if they're a dog person. So they're both it it's a very good indicator.
[00:57:42] Unknown:
Yeah. The dogs are amazing. But but yeah. So because the whole image is never shown, there's no way anyone can recreate the exact pixel for pixel values. And even if we show the entire image on screen, again, there's no way you're gonna recreate the entire 720 by 480
[00:58:04] Unknown:
exactly right. Right. So we're not uploading a photo. We're taking a unique picture that is deleted immediately afterward after power off. Yeah. Exactly. I I mean, in fact, it's it's
[00:58:14] Unknown:
wiped as soon as that function ends.
[00:58:19] Unknown:
Awesome. These are good questions, Freaks. Keep them coming.
[00:58:24] Unknown:
And I'd point out in the video, I think we're about to do the the sample signing process. I just got a transaction inbound from a faucet. This is all in testnet. And right now, I think we're gonna go to send. And to send, in this particular demo, we send some coins back to the faucet, back to their receiving address. So, like, you're familiar with with a lot of your wallets, I'm copying that from the faucet website and then pasting it back into the back into the Specter or the multisig coordinator, putting an amount in. I think I let it auto calculate the fee, and then it's going to say create this unsigned transaction.
So Specter just created the unsigned transaction, which is multisig, so we need 2 of 3. So we're gonna choose to sign with the first key, and we're gonna sign with these animated QR codes. So I kinda have a rig when I recorded this video, but you're gonna see, it's asking me which key do you wanna sign with. I just picked the first key, and then you can't tell because it's picture it's a picture in picture video, but I just held the SeedSigner up, and I'm scanning that animated QR that that's displayed on the laptop screen. So it shows me the proposed transaction. It says this is, like, the last 13 characters of the address you wanna send to. This is the amount. This is the fee. Do you approve it? And then it just generated a QR code on the SeedSigner screen, and that is how I'm gonna communicate the partially signed transaction back to the laptop. So I hold it up to the screen.
Specter reads the frames in 1 by 1. You're holding it to your webcam on your computer. So once it knows it has them all, it, closes the scanner face out, and it says, okay. We've signed with the, the first key. And then it's just that process repeated
[01:00:24] Unknown:
with the second key. So it's gonna This case, you have them all in the same SeedSigner, but it could be different signing devices. Totally could be different signing devices.
[01:00:33] Unknown:
But just for the demo. So it's displaying the the proposed transactions, QR codes, and laptop screen again. I'm gonna hold the SeedSigner camera up to that. It's gonna give me indicators on the screen that it started collecting the frames.
[01:00:50] Unknown:
It's gonna happen like And, Freaks, the reason you might wanna use like, it's really nice, feature set to be able to have multiple keys on a on a single device, especially for a demo or even, like, in an emergency situation where you need to recover a multisig. But the reason you wanna use multiple devices is because right now, if this was holding a lot of funds, all the secrets that are needed to move those funds are on this single device. So if that single device is compromised, so are your funds. Right? Yep.
[01:01:25] Unknown:
Yep. Best practice is definitely mix mix vendors and mix hardware profiles for, your cosigners.
[01:01:34] Unknown:
So it's really sleek.
[01:01:35] Unknown:
So it just, we approved with the second signer, and that pops up a screen in Specter that says, okay. You have the adequate number of signers. We broadcasted the transaction, and now it's just going back to the, the faucet to validate that they received a transaction. But that brings up, like like, I think you had said, practice, practice, practice with, like, whatever your setup is. I think part of, part of being secure in your security setup As Bitcoin moves in the future, I think we all think, like, the price is gonna move the number is gonna go up. And so at some point, you may get to that stage where you have a lot of paper gains and you know what number of Bitcoin you're holding and you know what the notional dollar amount of that is, but you start to wonder if those gains are real or if you're safeguarding them properly or stuff. And I can't emphasize enough how important it is to encourage everybody to first practice with testnet. And, most coordinators and all the wallets should be compatible with testnet. So, like, you can stand up a pruned testnet node in a couple hours on your machine and just practice your heart's content. Get comfortable with it.
And then when you move to main net, like, start with some small transactions and get comfortable just moving the around. Because you you don't want that kinda, like, lingering in the back of your mind, like, can I really make this work when I need to?
[01:03:06] Unknown:
I think it's NVK who constantly says, like, you should basically operate under the assumption that the value you're holding is 10 times the amount of value you're holding. Yeah. That's fair. Totally. So we have future poll in the comments asking if you can use a USB keyboard to input the seed if you want.
[01:03:28] Unknown:
That that's definitely not supported. I won't say it will never be supported, but it's probably with the optimizations that we we came up with the seed QR. I it it you can probably speak more to this, but it it may just add too much complexity to the the code.
[01:03:46] Unknown:
I wouldn't call it complexity. I think we should be afraid of plugging any USB device into
[01:03:53] Unknown:
the SeedSigner Yeah. Good point.
[01:03:55] Unknown:
Or or any hardware wallet. You know, like, NVK sells those, 9 volt battery to USB power supplies, so that you have, like, well, a guarantee in in it's as far as we trust NVK.
[01:04:08] Unknown:
Well, it's like a baseboard. He, like, he makes it as a bare board at least. So at least you can kinda see if something was tampered Right. Compared to, like, a battery pack, like one of those USB battery packs you get off of
[01:04:22] Unknown:
Amazon or Best Buy or some shit where you have no idea what's inside the case. Yeah. So I I think it would be easy enough to add support for USB keyboard, but I think it would just open up an unnecessary, security risk.
[01:04:36] Unknown:
Right. Fair. And I you make a good issue, a a good point with the issue of plugging things into SeedSigner or plugging anything into a hardware wallet. And that's kind of, in the back of my mind when I had because I've had, like, a KeepKey and I've had a Trezor and, some of the other ones. And with my background I have a background in digital forensics. When you would plug those devices into your computer, like, I always just got a queasy feeling, like, who knows what is going over the the USB serial bus? Like, if my computer is compromised or when I'm updating the firmware, could that be, like, some sort of, you know, unauthorized payload that goes in there and, like, makes my device vulnerable, or could it be exfiltrating the private keys? Like, I most of the time, it's completely benign and it's operating as it should.
But just having that device plugged into my laptop, like, always made me uneasy. I don't know if you guys or anybody else felt that way, but, like, the the level of paranoia was just kinda like, I'm not I'm not I'm not crazy about this.
[01:05:39] Unknown:
Yeah. And we've seen compromised USB cables even. You know? Who Yeah. Yeah. Yeah. You can never be too paranoid in the space, or maybe you can be. Some people fuck they make themselves too complex. You don't wanna make it too complex, but at the same time, you don't you don't wanna plug these things into computers.
[01:05:56] Unknown:
So with SeedSigner, what I love about the QR exchange is it's an extremely limited regulated protocol so that, if you're using the device as it's, you know, currently intended, the only way information comes into it is via the camera, and the only way that information goes out from it using in a properly air gapped fashion is via the QR codes that are displayed in the screen or, you know, words that are displayed in the screen. But, I really like the regulated protocol of doing the QR's back and forth between my laptop and SeedSigner or Specter, just because it it limits attack surface of the interface between the two devices.
[01:06:41] Unknown:
I mean, people should still verify what's shown on the screen of the device. Right? Because the QR code could be, I guess, the QR code could be compromised on the online device.
[01:06:53] Unknown:
Right. There's and there's some ways you can do that. Like, if it's you'd have to have some technical expertise to do this. But, I mean, you can scan either an XPub or, you know, any of the transaction with your phone and decode it that way, because it's none of that is secret information.
[01:07:10] Unknown:
There's a privacy risk. There is a privacy risk. And there's a privacy risk with your coordinator, whether that's on your computer, on an online device, if that's Specter Desktop, or if it's on a phone with BlueWallet. There's a privacy risk there. So in an ideal setup, you're using a dedicated machine for your coordinator.
[01:07:31] Unknown:
And what I'm hoping over time is that we can use these wallets to kinda cross check each other. So as the QR protocol standardize, because there there are a couple of different ways of, encoding a PSBT into QR codes. And as those as we converge on standards, I'm hoping that you'll be able to, use, like, your SeedSigner to validate the XPub that's produced by your Cobo Vault. So right now, if you, let's say you're using a Cobo Vault and you use Specter Desktop and you wanna set up a multisig wallet with your Cobo Vault as one of the cosigners. So you, I'm not either you let it generate a seed for you or you input a seed that you've securely generated, and now you have this extended public key that you wanna input in the Specter. So you do that via QR codes, you input the XPUB in Specter, and then in Specter, you have, like, an alphanumeric string that represents your XPUB.
What I'd encourage people to do is take another hardware device like SeedSigner and put your seed into that device too, and then go to generate an xpub. And what we do is we'll also show you, like, the derivation path, the parent fingerprint, and then the extended public key so that you can compare that with, what your other hardware device already put into, say, Specter. There's one attack that was just described. I I forget who described it, but it was like, what if what if basically you enter a seed into your hardware wallet it gives you an XPUB, but the XPUB isn't really representative of your seed. It's a preconceived XPUB that is, you know, some kind of retirement attack or it's it's it's Right. Representing something else. So getting to the point where these devices Someone else's xpub. Right. So these devices can be used to kinda cross check each other. I think that'd be a great space for, like, the over overall kinda wallet ecosystem. Agreed.
[01:09:33] Unknown:
So we have a lot of good questions here. So we have Roman in the audience asking, if any of the parts are discontinued, are there other interchangeable parts that could be substituted in? Is there, what are your feelings here?
[01:09:46] Unknown:
So the camera is a pretty generic, like, Raspberry Pi compatible camera. There's a few specific models that'll fit in the enclosure that we've designed, but that's like a less important thing. Pretty much a standard Raspberry Pi camera should work. And that Waveshare, combination controls and LCD hat is kind of our Achilles heel because only Waveshare makes it. And actually, Waveshare makes multiple versions of kinda the same thing. So we've had it to where people have bought, like, slightly wrong models that are, a different pixel count. And we're dialed in on this very specific 240 by 240 pixel, model display hat. So that's kind of an issue. If they discontinue that, we're we're gonna be hustling to, get to a different platform.
But that's also a good avenue to, talk about. We're we're hoping in the future to move to supporting a secondary hardware profile to where we can keep the current, the current LCD hat, but we'd also like to get to a larger screen that's a touch screen profile just because we'd be able to pack more density in the QRs. And I think it'd be a little bit more approachable, maybe a little more intuitive interface for people. It's all kind of experimental, and and Keith is kind of the lead in figuring out, what what, LCD touchscreen makes sense, but that's the direction we'd like to get to.
[01:11:14] Unknown:
The density is what? So you'd have less the animated QR codes would have to wouldn't be as long?
[01:11:23] Unknown:
Right. So the, and this is actually something that Craig from Sparrow implemented, in his last one of his last 2 or 3 releases that helped us immensely because the number of squares that are in that QR code, basically dictates the density of the amount of information that you can encode into a single QR code. So if you make the QR code a little bigger and, like, pack more squares into it, you can reduce the overall amount of, like, say, animated QR frames that you have to exchange. That's just part of the process of we're optimizing it as much as we can on our end, and some of the the the multisig coordinators have been super helpful with optimizing it on their end. But, yeah, like you're saying, so if if we go to a bigger screen, we can put more squares in the QR code, and that means less frames you have to pass back into your, laptop or, like, quite literally, it's less time that you're holding your your your device's screen up to your webcam.
[01:12:19] Unknown:
I would add 2 things here to this answer. First of all, SeedSigner is a free open source project. So if something got discontinued, I assume either you guys or another contributor would step up to the plate to make it compatible with something that continues to exist. Right. And regardless of that, you know, the seed format is standardized, so you should be able to, in an emergency situation, import that into some other kind of either signing device or software wallet that supports it. Yep. So your funds aren't at risk there. If your SeedSigner gets destroyed and you can't get the new parts, you can migrate that to a new wallet.
[01:13:06] Unknown:
Yeah. And there were kinda 2 related questions, but you can run this on, I think, any Raspberry Pi. You don't have to use the Zero 1.3. We prefer it as the safest method, but Kevin had a question. Can I use the version of the Zero that has Wi-Fi? Like, yeah. And that Waveshare display hat just sits on the GPIO pins of the Pi Zero, but the Pi Zero has the same pinout as all the other Raspberry Pis. So, like, you could download the SeedSigner, you know, image, put it on an SD card, power down your Bitcoin node. Right? Pop the SD card out of that, pop in the SeedSigner card, and turn your Bitcoin node into a temporary SeedSigner. Just slap the LCD hat on top of it and plug in a camera. Yeah. The camera is the, you would need an additional camera. Yeah. I mean, and, like, you know, they're standard. It's, like, literally, if you just Google, like, Raspberry Pi camera, there's, like, one result that you have to care about. And he has a second part of that question. Do you guys disable the Wi-Fi if
[01:14:19] Unknown:
on the software level if he uses one with Wi-Fi on it? It's not disabled in the build that we released because we assume that people are using the 1.3. But we've left the Wi-Fi enabled for the reason being that sometimes people wanna, like, tinker with the platform or help us test advanced versions, and the easiest way to get into the device is through Wi-Fi. So in our builds, Wi-Fi is still enabled. So we kind of assume if you're using it securely, you've gotten a 1.3 and you're using it that way. Though, if you go through the
[01:14:51] Unknown:
basically, the developer way of installing the SeedSigner code where you're step by step grabbing, you know, a fresh image of the Raspberry Pi OS, installing dependencies, blah blah blah. The Raspberry Pi OS comes out of the box with Wi-Fi disabled. It has a little message at the bottom when you sign into it that says it's disabled by default. So if you do it, like, the step by step way instead of grabbing the prebuilt image, then you get that for free.
[01:15:24] Unknown:
We have minion in the chat mentioning, be careful where you buy your Raspberry Pi components. I guess there is a risk there that they could be tampered with, before you receive them. Is this something you guys have thought about at all?
[01:15:41] Unknown:
The, I guess the nice thing is, like, nobody knows you're buying this for Bitcoin related purposes. So if they're tampering with it, who knows what they're tampering with it for? Yeah. That's part of the model with generic hardware components is, hopefully, it provides you with some kind of level of, I don't know if anonymity is not the right word, but some sort of level of almost randomness when you get the components. It's not like you're ordering a Ledger from Amazon, and everybody at Amazon knows that you're getting a Ledger. When you're ordering a Raspberry Pi through, you know, Pimoroni or Amazon or any retailer like that, people order these things for all sorts of stuff, so nobody has a clue what you're gonna use it for. I mean, specifically, I really like the idea of, like, walking in a Micro Center and paying with cash
[01:16:33] Unknown:
Yeah. Which you can't do with any of the Bitcoin specific stuff yet. And I guess that's part of the reason why the Pi Zero 1.3 is chosen because it does not have Wi-Fi or Bluetooth on it at all. So I guess best practice would be when you get your Pi Zero to look up pictures of it online and check to make sure that nothing looks completely off. Right. Check the modules and yeah. Yeah. A lot of these attacks are, like, very low hanging fruit. Like, I mean, there was, like, I think there was a Ledger attack recently, where they literally put a whole USB flash drive inside the Ledger.
So, I mean, with a Ledger, it's not intuitive to open the case. You're not supposed to open the case, so people might not see it. But with the Pi Zero, it comes as a bare board. So in that case, it'd probably be pretty visible. Right. Right. Right. And another thing to mention is,
[01:17:36] Unknown:
you know, the kind of sunsetting of that hardware. I think they're committed to producing and supporting the Pi Zero through at least, like, 2023 or 2024. So, yeah, who knows what the future brings for SeedSigner, but I'm comfortable that the Pi Zero is gonna be around for a while. Right now, because of COVID, there are some supply chain issues where they can be a little bit harder to acquire. But I've been in touch with people at the Raspberry Pi Foundation, and they're still taking purchase orders for quantities of Pi Zeros. So it sounds like they have another run in the works, so it's still fully in production.
[01:18:20] Unknown:
And the code is all just straight Python. So, you know, on my wish list is to make a version that can run in, as MicroPython. So right now, the Raspberry Pi is a full computer, even though the tiny Raspberry Pi Zero is like the size of, like, a stick of chewing gum. Like, it's a full computer running, you know, a full operating system. And so there's some weight attached with that. There's some bloat attached with that. Like, right now, it takes the SeedSigner, you know, maybe a minute to boot up once you power it on. Although the custom OS is making some incredible strides to cut that down to, like, 10 seconds or less.
But I'd really like to have a micro Python version where it's running on a microcontroller. There's no operating system. It's not running Linux. It's just literally only executing the seed signer code. And, you know, so the potential is you get a you find the right microcontroller platform that can run, you know, this code and has the same air gapped qualities. It doesn't have Wi Fi on board. It doesn't have Bluetooth, can handle a camera being plugged in. It's it's kind of a longer r and d project to find the right microcontroller that'll have enough horsepower to to do what the the pi zero is doing. But it's not like the pi zero is, like, a a processing powerhouse. Like, it's it's pretty crappy, as a as a stand alone computer, because, you know, it's $5. Like, what do you expect?
But even compared to a a Raspberry Pi 4, like the the 0 is, it's really weak. So I'm I'm hoping that eventually we can get that microcontroller version instead of Linux OS based version. And then that just opens the door to a huge variety of different microcontroller chips out there, that that we can pick from.
[01:20:25] Unknown:
I like Roman's question that came up just now about gaps in contributors' development skills. Keith can probably speak more to this, but we're kind of looking for somebody right now who has maybe some knowledge of GPIO and SPI, and maybe some experience with some of these touch screens, who could kinda jump start getting the touch screen UI and a second hardware profile running. That's the first one that pops into my head. There's also two other kind of less technical areas of contribution I can think of. But yeah.
[01:21:04] Unknown:
Yeah. What are the other levels
[01:21:06] Unknown:
of contribution? Like, how can people help? Like, we are in dire need of, like, explainer videos and just how-to videos or videos of people using the device, especially in, like, other languages. We haven't mentioned it yet, but we just recently launched, finally, seedsigner.com, which is kind of, it's great to have a one stop shop where everybody can get, you know, a link to the latest release and go to look at the GitHub repo and see some of the media appearances. And one section I'm really excited about there is explainer videos. Just getting a ton of, like, short videos so that, like, if you're curious to learn more about SeedSigner, and I'm gonna be making some of these myself, but people with video production skills like to just sit down and make, like, a short understandable video of how to input a seed, how to generate an xpub and import it into your coordinator, how to sign a transaction, how to generate a seed with, you know, the seed from digital photo feature, and just stuff like that. Like, that's pretty low hanging fruit that people don't need a lot of technical chops to get into.
But, yeah, I've been thrilled over the last few months with how people have kinda jumped in in all sorts of areas that, like, you know, Keith was obviously a big one, but we're also looking at overhauling the user interface from the video that you showed before. Like, you can see that we have, like, a pretty basic, almost DOS like interface where you're just selecting menu options that are highlighted and displayed on the screen. And there's a guy with a handle that goes by, I think his handle's easy, who, apparently, his day job is in graphic design and user interface design, and he's helped us kinda, like, conceive of, so if we move to a more graphical based user interface, what does that look like, and how much is that gonna give us in terms of making the operating system more approachable to people and more intuitive for people to use?
But the the website that I mentioned, a guy named Jay, who I believe is in the Philippines, kinda jumped in, and at no cost, he's he's apparently a web developer by trade, has has done most most most of the the website coding. There's a guy named Richard I'll give a shout out to who is, in the European Union who's been a huge help with me testing different enclosure versions and even shipping out, shipping out 3 d printed enclosures that he's printed himself to different people that are interested in trying it out or, are interested in building one for themselves.
The guy who did our logo, can't think of his name, but he's from South America. I sent him, like, a t-shirt and some other things as a thank you through snail mail. So it's just, I've been humbled by people who have just stepped up and, like, you know, I may not know how to code, but I can design a logo or I can build a website or I can make explainer videos. It's like, this is truly a community thing to where I couldn't do all this stuff myself. It's been awesome to experience.
[01:24:22] Unknown:
Yeah. And we should give a shout out to the 3rd major contributor, Nick. Yes. Who predates my involvement in the project. You know, my understanding is, you know, Seed did the, like, original R&D, got, like, proof of concept up and running, started building just a kind of, you know, sort of publicity platform so people would start noticing the project. And then Nick entered, and he has a much deeper programming experience. And so just started really professionalizing the code and revamping and reorganizing. And he's really the technical expert on the Bitcoin side. So, like, I was so excited to join this stream, but I was also terrified because I'm like, I'm such a huge fraud. Like, I don't understand the details, the, you know, the super techie details of our PSBTs and, you know, all the other stuff because that's all Nick. Like, he's the one in the trenches, you know, handling the PSBTs, handling the QR formats, talking with all the other wallet and coordinator developers.
So huge, huge shout out to Nick. Like, you know, Seed and Nick got this project to a point where it was on it had such a strong foundation built that I was able to come in later and just start playing and making, like, fun new features for it.
[01:25:46] Unknown:
But they did all the, like, real work. Yeah. Without Nick, like, we wouldn't be having this conversation. Like, I'm not a coder by trade, and I watched enough, like, Udemy videos and banged my head against the wall long enough that I was on, you know, I was on Stack Exchange and Googling and, like, just trying to get a basic proof of concept. And also a shout out to Stepan from Specter. Like, I was in his Telegram DMs, and he created the embit Python library that we lean on to do some of the heavier lifting with the signatures and the protocol work. And it's an open source library that he's put out there for embedded Python devices, and it's like, it made our thing definitely possible. And he was also just so, so patient with my, you know, idiot newbie, I don't know how to code questions, and how can I make this work kinda questions?
But yeah, Nick coming in was like the game changer because even I had interacted with Michael Flaxman a little bit when I had the proof of concept up, and he had looked at the repo, and he was like, oh my gosh. This is like spaghetti code. And Nick, like, I can't remember how Nick stumbled. I think Nick actually just came across the project through GitHub, not even from our Twitter account. And he's also a coder by trade and just brought immense knowledge of, like, Python coding convention, coding structure, what makes sense, what's the most efficient structures for what we're trying to do, and, like, yeah, we wouldn't be here without Nick. I wish he could've,
[01:27:33] Unknown:
joined us tonight. Well, he's here in spirit. I mean, this is what I love about Bitcoin. This is what I love about free open source software. Keith, it sounds like you need to hear it, but you're not a fraud. We do appreciate you.
[01:27:44] Unknown:
Well, I I'm just very aware of of the things I don't know, and I'm I'm terrified of all those, unknown unknowns.
[01:27:51] Unknown:
That's good. That's where you should be. Everyone should stay humble and keep moving forward. Yeah. I appreciate you both. This is what it's about. You know? This is awesome. I love how the community comes together around these types of projects. So I assume, Seed, this is your first open source project.
[01:28:18] Unknown:
Correct? It sure is. So I'm a stay at home dad. I people who've listened to other podcasts know probably have heard a little bit about my background, but I'm a retired police officer, actually. I was a local cop for 15 years, and I was lucky enough that I had a I had a background in technology, background in computers. And about 3 years into my police career, somebody higher up than me knew that I had background in computers and was aware of a digital forensics group where I live who is kinda spinning up and looking for, new contributors, new members.
So early in my career, I was given the opportunity to join this digital forensic group. So I spent the majority of my law enforcement career, like, in a lab setting, taking apart computers and hard drives and, laptops, thumb drives, and and figuring out how to assist prosecutors in, in, making cases, which is a little bit weird for me in the Bitcoin community. Yeah. You're the spook. Basically. Yeah. Are you still the spook if you're, like, out as the spook? Is that
[01:29:32] Unknown:
That's that's a classic spook movie.
[01:29:35] Unknown:
You're a fool. Second level spook. No. The majority of my work was in crimes against children, so I'm, like, super proud of the work that I did, but I actually learned of Bitcoin through work. So, in 2013, I was, you know, having a water cooler conversation with a couple of the other examiners, and one guy is telling me about this case that he's working on where there's this local kid who got, like, a pretty high end gaming rig, a desktop computer for Christmas or for, you know, his birthday or whatever. And instead of using it to play Call of Duty or whatever would have been the game at the time, he was mining Bitcoin with this gaming rig with the GPU, and this was in 2013, so it was still kind of at the tail end of when GPU mining was viable.
But he'd take the Bitcoins that he mined and purchase weed on the Silk Road that he'd have delivered to, you know, his house with his parents. He'd break it into smaller packages and take it to school, and it was making a tidy little profit, selling dime bags to, you know, his, fellow students. And so I was kinda, like, stupefied by this Bitcoin thing. I I started googling it, and it didn't make sense to me. Like, why people why would you be using a GPU to to generate all this compute to, like, mine these coins? It just it was such a foreign concept. So I I heard about it, researched it. It didn't make sense. I didn't know if it was like a SETI or like a folding at home thing.
And then for whatever reason, like, in March of 2013, I circled back to it, and that was kind of during, a period of price appreciation. And I was probably, kinda back of my mind looking for investments at the time. So I started learning more and more about it. It was like one of those, like, you you come for the gains and stay for the freedom kind of things.
[01:31:31] Unknown:
Definitely one of the more novel Bitcoin intro stories I've ever heard.
[01:31:35] Unknown:
Yeah. It was, so, you know, I still I still was probably in the forensics business for 7 or 8 years after that. So, I was when everybody first gets into Bitcoin, what's the, the way that they think is the best way to acquire Bitcoin is obviously through mining. So I was a participant in some of the earliest kinda ASIC ventures. Did you preorder Butterfly Labs? I did. And I was like the guy checking the website, and they'd say every 2 weeks, it'd be like, oh, we think we're gonna send someone about 2 weeks. But, like, I was just thinking about that earlier tonight, like, what a comical sell to my wife that I've just learned about this thing called Bitcoin. And I'm telling her that we should spend $45100 on this, like, this special computer that all it can do is generate Bitcoin, and we're not even sure if they're gonna be able to finish development of it, but they need the money up front.
So, yeah. That and I actually sold my preorder for Butterfly Labs on eBay. I have no idea how that would get through, like, eBay's, you know, like, fraud stuff, but I never actually even received the device. I sold the preorder on eBay, and once the auction had settled, I changed the ship to address in my Butterfly Labs account, and it shipped directly to somebody else who you know, if they got it and plugged it in, like, they did very well with it. But I I was getting uneasy and was looking to offload the risk associated with Butterfly Labs at that point. A lot of people, I don't think, received devices. Yeah. And there was there was all sorts of rumors that Butterfly Labs was mining with with, the devices before they'd shipped them because they're in the middle of a bull market and they're, you know, air quotes, testing the devices. It was very common back then. Yeah. Yeah. Yeah.
But also through, like, Bitcointalk, there was a guy named Yif Yifigiu, or I'm sure I'm butchering that name, but he was one of the earliest ASIC chip designers. And there were all these people on Bitcointalk that were organizing group purchases of chips from him to design, like, custom mining hardware. That was pretty crazy back then. Yeah. Yeah. It was. Stuff fell through.
[01:34:02] Unknown:
Well, I mean, I was gonna ask you what your experience has been, you know, being the lead maintainer of an open source project.
[01:34:12] Unknown:
So this being the first project I've been involved with, I don't have a lot to compare it to, but it's, it's it's, I there's not much to say about it. Like, I I have some level of trust in the developers. I've kinda fallen into a less technical role where I test the hell out of the code that that they, put in some of our test branches in the repo. And I can read enough Python to understand what's going on, but some of the structures that these guys come up with aren't stuff that I myself could come up with. So if I spider my way through the the code, I can get it. But it it was, gosh, this is probably embarrassing to say, but it was the first time I'd set up a a GPG key. And it was actually
[01:34:57] Unknown:
Don't worry. No one uses GPG.
[01:35:01] Unknown:
That was, I think it was one of your favorite anon accounts. It's like numbers, like, 4704. That's not it, but it's something like 102? That's 6102. He had been in touch with Openoms and asked me to set up a GPG key to start establishing kind of a trust chain and a reputation for the releases to at least, like, if you were willing to accept the security trade off of a precompiled release, at least we could have kinda like a track record to go with
[01:35:38] Unknown:
that. Yeah. That's definitely best practice. Yeah. Definitely best practice, and I'm glad that they kinda steered me towards that. But, 62 is fantastic. I love that dude. I consider him a brother, and I have no idea what his name is. Have you ever met him in person, or is that not a thing? I I hopefully, one day, he will trust me enough for that to happen. But that's gonna be on his terms, not mine. I just expect him to just, like, show up one day.
[01:36:05] Unknown:
I gotta I gotta shout him out too. When I tweeted out the video of my demo doing the human transcription 3 years ago or something that was basically describing exactly what I built. So, you know, he he was there 3 years before I ever got there.
[01:36:29] Unknown:
Yeah. He told me that. He was pretty he was he he was pretty proud that we got there. So thank you for that. Very cool. Keith, I mean, while we're here, you know, seed story was very novel. Do you what's what was your Bitcoin story?
[01:36:49] Unknown:
I mean, I'm professional Python dev. You know, my first exposures to Bitcoin were through, I think there were there were a series of wired articles over some of the early years, you know, talking about, Silk Road and, Mt. Gox. And each time I would come across one of these articles, I was just fascinated. I was like, oh my god. This is, like, just crazy interesting stuff. I need to I need to learn more. And then I would put the magazine down and, like, I would lose the train of thought. And then, like, a year or 2 would go by, and then I'd pick up another issue, and there's another art you know, article on on Bitcoin. I'm like, oh, that's right. This Bitcoin thing. It's so interesting. And And then I put the magazine down, and I forgot about it again. And finally, for whatever reason, in 2017, you know, I'd wasted 3 or 4 years at that point. I was finally like, okay. I gotta dig in and and learn what this thing is about.
So damn.
[01:37:48] Unknown:
I mean, no. Most of us, I think, required multiple touch points before we didn't think Bitcoin was a scam. Yeah. Yeah. Yeah. It's a very common theme. I would say Seed's, story is is is way more novel than any story I've heard. The big meme in the space is, like, every Bitcoin podcast starts off with, well, what is your Bitcoin story? And almost all of them are the same. It's like, oh, I heard about it really early, completely dismissed it, and then I came back later after, like, the 4th time I heard it. Awesome.
[01:38:22] Unknown:
So we, is it like a funny side story? When I was still working in the computer lab, so we had this training room where we had, like, 24 computers. They're all pretty basic computers, but this is during 2013 during the first, like, shitcoin total craziness. And one of the particular, like, strains of shitcoin was that it was something that you could only mine with a CPU, like, they had an algorithm that would rotate and it wasn't something that a GPU could do. So, I had set up all 24 of these computers in our training room to mine Primecoin and then probably something else. And that was also when, like, BTC-e was still in existence, so you could exchange coins without doing any KYC at that point.
And we mined enough of these shitcoins that, like, our forensic lab actually had a Bitcoin wallet that appreciated over time, and we were able to purchase, like, equipment for our work when we got into, like, subsequent price runs. So at one point, I think I bought, like, I bought an iMac with some of the Bitcoin that we'd indirectly mined, and then, like, we bought new monitors for everybody in 2017. It was, somebody just put up in the chat, like, the trollbox in BTC-e, which is, like, the mother of all, like, trading rumor mills.
But, yeah, there's, like, so much lore in the early days of Bitcoin that's, like,
[01:39:59] Unknown:
hilarious. Trollbox was epic. Yeah. Absolutely. Do you remember how they took down BTC-e?
[01:40:05] Unknown:
I don't remember other than, you know, the day that the, you know, the URL or whatever came up is the domain came up as being seized. I don't remember how it was executed. How was it?
[01:40:17] Unknown:
I guess it was run by a Russian guy, and he was vacationing in Greece, if I recall correctly. And the way full disk encryption works is it activates when your device is off. Mhmm. So the key is you want to get, I mean, you know better than most. I mean, so the key is you wanna get them while the device is on and they're signed into everything. Sure. So he was on vacation. He was signed into everything at BTC-e, and they took an unmarked car, and they rammed it through his vacation home gates. And he, like, ran out in his robe, and then they arrested him, and he was signed into everything.
[01:41:01] Unknown:
That's reminiscent of how they got Ross Ulbricht too. Right. Was that he was operating in a, I think it was a public library. And Correct. Somehow, they distracted him from his screen or something and, like, physically converged on him so he couldn't, like, sleep the computer or log out or anything.
[01:41:23] Unknown:
Indeed. I mean, but he was, like, in a San Francisco library. It's a lot less glamorous than a recent vacation home in a robe. I don't know. Just from from Russia. Like, that's a picture. Yeah? Yeah. It's definitely, it's definitely an image. So, I mean, guys, this has been a great conversation. Oh, I get I have one more thing on my list that I wanted to hit before we wrap this up. So it's a free open source project. Anyone could do this. The code's out there. They can just use the build, put it on, you know, general purpose hardware. Is are you how do you view this project? Is it just gonna be donation based? Is there a monetization strategy?
[01:42:10] Unknown:
What what yeah. What how do you view that? If there's a, like, a significant monetization strategy, like, I don't see it. I currently like I mentioned before, I sell the presoldered pies, and I also sell the 3 d printed enclosures. But that's, like, low margin stuff that helps me cover, like, you know, the hosting fees and, you know, sending T shirts to contributors and sending hardware to people who, you know, potentially contribute or who might, you know, be good for the project and, like, web development, that kind of stuff. I don't see any sort of path of monetization. Maybe I'm naive or just inept business wise to see that, seed signer's more like, it this is more like a the goal of the project, and this isn't something we talked about, but we recently declared a license.
And that was, like, by far the hardest decision that I've made by far associated with the project. And we we initially were leaning GPL or a GPL, but that was wrong. So GPL. And the theory was so that, like, anybody who, you know, uses the code or modifies the code contributes it back to the open source community. Right. And we just got a ton of pushback about that. And the ultimate decision was that I didn't wanna discourage there were a lot of people who were super m I pro MIT, and I think there's a little bit of a cult mentality to that, not that there's anything wrong with MIT.
[01:43:47] Unknown:
So the main difference to the freaks is with GPL, any derivative work has to be open source. It has to be GPL. Right. With MIT, it's completely open. Like, you can you can take that code, like Square can take that code, and they can just put it into a completely closed source, device or software library or whatever.
[01:44:15] Unknown:
Right. And so, like, the goal for us thinking it through was we always want people to be able to build a SeedSigner on their own without permission from off the shelf components and have the software completely unfettered and free. So in that sense, GPL made sense, but we got, like, super pushback from the community. And one of the more legitimate kind of concerns was that apparently people who work, their day job is for, you know, a for profit company and they're professional coders, and maybe Keith can talk more to this. But I had several people approach me, and I think it was in good faith, tell me that, like, their employer prefers that they don't contribute to, like, copyleft or GPL projects because of potential legal entanglements and that they prefer them to just contribute to MIT stuff because it's pretty cut and dry that there's no legal implications to it. So a lot of employers give you, Google used to give you, like, what, 10 or 15% of your work week just to work on some sort of passion project or, like, open source kind of stuff. Like, I didn't wanna discourage any contributors from contributing to SeedSigner. So even though we were leaning towards GPL, we actually went with MIT, and I'm not ashamed of that. That's what Bitcoin uses. That's what Specter uses. It's a great license. I just don't think that a closed source signing device makes sense.
So we were trying to steer it towards GPL, but, yeah, that's where we're at. So to get back to your original question, I don't think there's a profit motive in this. Yeah. That's kinda where we're at unless Keith has any perspective.
[01:46:12] Unknown:
No. I mean, I think, and and and by the way, you know, Matt, you had asked about how how Steve has experienced, running his first project, his first open source project. And, you know, I can tell you from the from the inside of these discussions, you know, all the transparency that you see him tweeting out publicly, that's, like, exactly what's going on in these internal discussions that, you know, here's what I'm thinking. Here's what I'm agonizing over. Here's what I don't know. And we just kinda, you know, discuss it and and hash it out. And just, you know, his his transparency. Like, the the multisig donation address is out there. But not not only that, like, the x pub of each key of the multisig has been tweeted out. You know, just like levels of transparency that are are just crazy.
But, no, I I think this project, you know, like, I I'm contributing in my free time. Nick is contributing in his free time. He's got, you know, a a young child. I think I think maybe a newborn. And, you know, it it's it's an all volunteer effort. You know, I I'm just having so much fun working on this project. But but, yeah, like, longer term, if if if we could get to the point where through donations and grants that, you know, I could scale back my my normie day job, and spend more time on SeedSigner, spend more time on on Specter, like, that would be incredible. But, you know, I'm gonna keep contributing to this project as much as I can in in my evenings and weekends.
And, you know, I'm just gonna trust in the Bitcoin community. Like, if if this project, needs more more funding and more attention, I think the community will will deliver it. If what we've built is kind of like a good enough solution and it just has some, you know, kind of maintenance requirements, over time, and doesn't doesn't require, like, investment like that, then then that's what it'll be. But, but yeah. And and I I I don't have any plans on disappearing from this project, but I always tell Seed, like, you know, this isn't a corporation. You know, we're not hired employees.
We have no intention of going anywhere, but you can't build this project assuming that we, you know, specific pieces will be there. Right. Or and you don't know who's gonna come in, you know, tomorrow with some amazing ideas and and and make major contributions. So it's it's just, you know, you you set up the the structure the best that you can. It's open source. Anyone can come in and contribute. And if if someone's contributions just become more and more important, you start bringing them into the inner circle of of, I I I hesitate to say the word decision makers, but, you know, of of the the people whose input, are are listened to the most for, the the SeedSigner group.
[01:49:29] Unknown:
Right. And I'd, Keith kind of alluded to it. We we did set up, an official donation wallet. So it's a 4 of 6 multisig. I published all the XPUBs the other day so we can have full transparency. So anybody who wants to import the the XPUBs into a Specter Wallet or even, you know, a a Sparrow wallet or anything, can do that and monitor what comes in and what comes out. We, I was approached, like, a month or 2 ago from a significant donor and asked to submit a grant proposal. I don't know if that particular one's gonna come through, but I'm optimistic that I I think we're demonstrating enough value that I think some form of sustaining funding is gonna come through.
But that was part of the rationale for setting up the multisig address. It's like I mentioned, it's a 4 of 6. I hold 2 of the keys and then 4 other key contributors, we'll say, who've asked not to be named are holding one key each. And over time, as funds hopefully become available, like, it's gonna be a process of, you know, us at a primary level hashing out, like, what we think, like, deserves compensation for contribution and what sort of features we wanna incentivize through through compensation, but it's also gonna be, like Keith alluded to, a process of listening, you know, to people who are following us on Twitter and people who are in the the, SeedSigner Telegram chat, like, asking about features and and expressing their opinions. So we're we're trying to do this, like, as much in the open out in the open as we can, and I'm optimistic that we can kinda reach that middle ground to where, you know, people if they wanna be heard, like, they're gonna be heard, and I think, like, we can make mostly the the right calls.
[01:51:26] Unknown:
Have you submitted a grant?
[01:51:31] Unknown:
Have have you submitted to OpenSats yet? Yeah. Yeah. We, I think when it was first announced I I'm not sure where you guys are at in terms of setting that up. Or Yeah. We're not we're moving slower than we'd like to move. But I I can fully, like, We have money standing by, and you're, like, the ideal project for it.
[01:51:49] Unknown:
Well, that's cool. We, in the spirit of open source, you know, I was I was I was, like, the 2nd person on board with OpenSats, and all the board members were not taking any money out. And as as a result, you know, maybe it's it's facing some some of the same hurdles that the free open source projects that we're trying to support are facing, because, no one's working on it full time. But, we do have money. We have Bitcoin sitting there waiting to dish out to con dish out to projects, in need, and, your project completely fits the bill, for that. So I'm glad you submitted something, and we're working on getting that out as soon as possible.
I kinda wanna go back to the licensing real quick. I mean Yeah. Yeah. It's, a reoccurring topic on dispatch. And you're right that there it's very much a, first of all, 100% appreciate you going MIT. It is the most open license you can choose, But I I I struggle with it myself, and I got a lot of I get a lot of pushback because I'm a it's it's I I'm a I'm a GPL proponent. I I I've noticed that a lot of or or some groups that provide grants in the space require you to switch to MIT if you're GPL. And I feel like it's a little bit of a subversion of open source even though it's the most free license because it allows corporations to come in and take the code and not contribute back.
[01:53:47] Unknown:
Right. It's it's kinda like it's this, like I I don't wanna call it manipulation, but, like, all of these smart guys with money are having all of these nerds, like, do all this work, and then they can turn it into a product kind of a thing.
[01:54:00] Unknown:
And, like, the perfect example is is something like BTCPay Server, which is a project I love, MIT. I expect there to be a lot of closed source point of sale systems that use BTCPay Server code and don't contribute anything back and keep everything closed. Right. With SeedSigner, it's a little bit different because I do agree with you. I mean, hopefully, most people wouldn't wanna use a closed source, signing device. Unfortunately, there are some out there, but, so it's a little bit less of a concern, but, I I tend to fall on the GPL side. But I a 100% respect the decision to go for the most open license there is.
[01:54:46] Unknown:
Yeah. I I I totally empathize with you preferring, GPL. I just don't see because we're a do it yourself thing from off the shelf component off the shelf components. Like, there's not a ton of margin in it for a potential commercial participant. And I and maybe that's just a lack of imagination on my part, but, that that kinda, like, took some of the pressure off for me because I just don't see this as a, you know, super commercially profitable
[01:55:16] Unknown:
potential venture. Well, what we could see is we could see a purpose built Bitcoin signing device that is source viewable, which is the bare minimum, I would say, if you're gonna buy a signing device. Mhmm. But not MIT or GPL. And it uses mostly your code and puts it in a very pretty case and then goes and raises a shit ton of VC money off of your work and your contributors' work. But, That would suck for us. Yeah. You'd still have my support regardless.
[01:55:59] Unknown:
But the most important thing for me is that, you know, the dude in Iraq or Iran or Saudi Arabia or whatever Love it. Like, he can get the components, the codes available, he can build it. Like, people in El Salvador, like, we can host a workshop there. And regardless of what some, you know, clown, you know, VC company is doing, like, we can show people how to build this stuff, you know, themselves. And after we leave, they can make more of them if they think there's, like, a value proposition there. Like, that's the most important thing.
[01:56:32] Unknown:
Yeah. Yeah. And that's why you're a fucking legend. Thank you, dude. We have, Bitcoin makes sense asking a completely unrelated question asking, is Trust Wallet okay? No. Trust Wallet's a piece of shit. You should migrate to to a better wallet. First of all, I hate the name, but besides that, it's just it's mostly shitcoin focused, and the Bitcoin side's really bad. I don't even I I I'm I I can't speak to their license or whether or not it's source viewable or not, but it's a really bad wallet. If you go to citadeldispatch.com/help, there's a there's a list of Trust Wallet's a mobile wallet. There's a list of mobile wallets, that I recommend that are significantly better.
Yeah. But that's a completely unrelated question, but he did ask it, so I'm going to answer it. So I appreciate you guys' time. I think this was a great conversation. Do you have any final thoughts before we wrap this up?
[01:57:36] Unknown:
I would just, like, people are curious to check out our thing. We finally have a website, seedsigner.com. Follow me on Twitter just at @seedsigner, all one word. We have a Telegram group that's a great place, like, for people who are curious or wanting to do a build and they have specific questions. Yeah. And if if, Keith, if you have any final thoughts, I'd I'm probably forgetting all sorts of stuff.
[01:58:02] Unknown:
Just we got we got some cool things in the works too. No no formal road map or release schedule, but, you know, we talked about seeing if we can figure out a touch screen, you know, UI redesign. One thing I'd really love to add is NVK's seed XOR. You know, with Yes. With your seeds as QR codes, they are more exposed and vulnerable. But if your seed is represented in a seed XOR pair or, you know, 3 set or whatever, then you just have, like, an additional level of of security there. And then we do have on the road map multi language support. So I Oh, yeah. I did the, Specter, desktop implementation of, for multi language support and, recruited all of the translators. So that's how we were able to launch with 11, languages fully translated for Specter.
So when we're ready, we'll do the same thing for, SeedSigner. And then, you know, hopefully, I can tap that same group or, you know, just tweet out to the world, like, hey. You know, let's let's, load this thing up on on other languages.
[01:59:17] Unknown:
And if people wanna donate, that's seedsigner.com?
[01:59:22] Unknown:
I need to add the donation. It's probably not on the website. Dude, you gotta put that front and center. Yeah. I'll I'll put it on the main page. It's it's in my Twitter feed. I actually tweeted it out today. But, yeah, I'll get it on the website.
[01:59:35] Unknown:
Awesome. Well, I appreciate you guys. Thank you for joining. It's really a fantastic conversation, and I hope the freaks appreciated it. I think they will. I know I did. I appreciate your work. I love the project. I have not built my own SeedSigner yet, and I feel like a fraud for not. So I will do that. I will try and, pump out a a video or 2 about it, do my
[02:00:01] Unknown:
part. If we can if we can help, just, like, let me know.
[02:00:06] Unknown:
100%. Big shout out to the freaks who joined us in the live chat on this late Bitcoin Tuesday rip. Appreciate you as always, and thanks to the freaks who continue to support the show. Without you,
[02:00:21] Unknown:
this show does not exist. So thank you all. Thank you Keith. Better than, the Olympics, I think, tonight. Like A 100%.
[02:00:27] Unknown:
I mean, low bar, but a 100%.
[02:00:30] Unknown:
And thank you,
[02:00:31] Unknown:
ma'am. And thank you, Seed. Thank you, Keith. Appreciate you guys. Cheers. Yep. Appreciate it. Thanks.
[02:02:34] Unknown:
Every day for us something new. Open mind for a different view. And nothing else matters. Trust I seek, and I find in you. Every day for us something new. Open mind for a different view. And nothing else matters.
[02:07:10] Unknown:
Appreciate you freaks. Reminder that you can go to btcpins.com and buy a FOSS pin set to support open source development. I love you all. I'll see you on Thursday for rabbit hole recap, and I'll see you next Bitcoin Tuesday for another dispatch. Stay humble and stack sats.
What does the SEC have to do with crypto and why is the chair of the SEC talking about crypto?
The lack of investor protection in crypto trading platforms and lending platforms
The importance of promoting investor protection in the crypto industry
Importance of keeping devices physically secure
Mitigating concerns about tampered memory cards
Standardization and bug detection in SeedSigner
Bitcoin and its early adoption
Mining cryptocurrencies in a computer lab
Licensing and open-source projects