Ungovernable Misfits

Share on social media:

▎Welcome to The Confab


The term derives from "confidential talk", which was commonly used in the Prohibition Era for meetings and conversations that took place in the smoky, rule-breaking speakeasies of that time.


The informal, privacy focused and clandestine nature of Ungovernable Misfits lends itself to these discussions. So, grab a seat and a stiff drink from the concealed bar, listen and revel in the conversation.


On this episode, Zach Herbert from Foundation Devices drops-in to speak with Max.


▎Show Discussion

          1. Introduction

• Zach Herbert of Foundation Devices
• Confab episode format
• Shoutout to Foundation Devices and the Passport hardware wallet
  
  2. Health and Wellness Discussion
  
  
• Importance of physical and mental health
• Max's transition to focusing on Ungovernable Misfits full-time
• Discussions around home gyms, raw milk, and the Amish
  
  3. Bitcoin and Hardware Wallets
  
  
• Reproducible builds and verification of firmware
• Wallet Scrutiny and independent verification
• Concerns around "blind signing" of complex transactions
• Potential for AI-powered transaction analysis
  
  4. Foundation Devices' Future Plans
  
  
• New category of device in development
• Exploring value-added services and subscription models
• Ideas around an AI-powered assistant within the Envoy app
  
  5. Wrap-up
  
  
• Importance of keeping things simple with hardware wallets
• Multisig and privacy considerations
• Requests for improvements to the Envoy app
• Closing thoughts and plans for future conversations

▎IMPORTANT LINKS

• https://freesamourai.com
• https://p2prights.org/donate.html
  
  

▎SHOW SPONSORS


▎▎FOUNDATION -  https://foundation.xyz/ungovernable


Foundation builds Bitcoin-centric tools that empower you to reclaim your digital sovereignty.


As a sovereign computing company, Foundation is the antithesis of today's tech conglomerates. Returning to cypherpunk principles, they build open source technology that "can't be evil,". Thank you Foundation Devices for sponsoring the show.


Use code: UNGOVERNABLE for $10 off of your purchase


▎Support the Show


Thanks for listening you Ungovernable Misfits, we appreciate your continued support and hope you enjoy the shows.


You can support this episode using your time, talent or treasure.


▎▎TIME:

• Create fountain clips for the show
• Create a meetup
• Help boost the signal on social media

▎▎TALENT:

• Create ungovernable misfit inspired art, animation or music
• Design or implement some software that can make the podcast better
• Use whatever talents you have to make a contribution to the show!

▎▎TREASURE:

• BOOST IT on the Podcasting 2.0 apps (https://podcastapps.com)
• STREAM SATS
• DONATE via Paynym @ https://paynym.is/+maxbuybit
• DONATE via Monero @ https://xmrchat.com/ugmf
• BUY SOME CLOTHING @ https://ungovernablemisfits.com/store/

(00:00:00) INTRO 🏴‍☠️🖕

(00:01:45) THANK YOU FOUNDATION 🤝

(00:03:20) BOOSTS ⚡️

(00:06:28) Max Goes Full Time

(00:10:18) Health is Wealth

(00:17:08) You Can Spend Bitcoin?!

(00:30:42) Dark Skippy 🐿: What Is It?

(00:35:46) Dark Skippy 🐿: Why It It Overblown?

(00:44:09) Dark Skippy 🐿: Don't Fuck With Seed Signer

(00:47:12) Evaluating Reproducibility

(00:52:28) AI Applications in New Development

(01:01:32) Hardware Manufacturing is Tough Business

(01:10:44) Mulling About Multisig

(01:14:10) Feature Request: MORE LETTERS

(01:16:09) Let's Wrap It Up

[00:00:04] Unknown:

Bitcoin   is close to becoming worthless.   Bitcoin.   Now what's the Bitcoin?  

[00:00:19] Unknown:

Bitcoin's like rat poison.   Yeah.   Oh. The greatest scam in history.   Let's get it.   Bitcoin will go to fucking   0.  

[00:00:42] Unknown:

Welcome back to all you Ungovernable misfits.   This episode is with Zach Herbert of Foundation Devices,   and it's a confab episode.   These episodes are a chance for me to speak to the people I wanna speak to   about any topics we wanna talk about.   We just set a time,   choose a drink,   and talk.   If you want more of a focused discussion   on Bitcoin   and other Freedom Tech,   you can tune in to the show I do with Bitcoin q and a,   The Bitcoin Brief,   and this will be aired every 2 weeks.   Or if you want more mining specific stuff,   you can tune in to the action news show   with me and John.  

Or if you want some more Mestudel   focus,   tune in to PMM.   Before I jump into the show, I wanna say a big thank you to Zac for jumping on the call with me. It's always good to chat to him. And also a big thank you for everything that he's done for Ungovernal   Misfits   and that the team at Foundation have done for anyone who cares about freedom,   privacy,   and keeping their Bitcoin secure.   If you haven't already checked out the incredible passport,   go to   foundation   dotxyzed.   Once you've gone on the site and taken a look,   you're gonna be wanting to buy one of these things. Let me tell you why.  

First up, they have the best team in the Bitcoin space.   No question. Hands   down. Everything they do is fully   open source.   That matters.   They've also made   cypherpunk tools for fuckwits.   Even I can use this thing with ease and feel secure.   It's beautifully designed.   And   even if you struggle with technology   more than me,   and that is tough,   you can have Bitcoin Q and A hold your hand through the entire process.   He will even help you set up a multisig.   They really do make the best hardware in the space, and I'm very proud to be working as closely as I do with them.   Check them out at foundation   dotxyzedorzforyouyanksorclickintheshownotes,   and it will take you straight there using the promo code so you get a discount.  

And they know I'm shilling.   One final thing to cover before we jump into the show, I wanna say a big thank you to everyone who's been supporting us on Fountain and all of the other podcasting 2.0   apps.   The last confab episode was with Matt Hill from Start9,   and we got a great response.   It really does help every single time someone sends in a boost or shares us. And it's keeping us up at the top of the charts.   This is really good for our visibility.   And all of these sats help us grow ungovernable   misfits.   So thank you.  

I'm gonna read the top 10 boosters,   Hashlutet   with 106,000   sats,   Own Your Sats,   Own your server.   Heart. Squirt emoji.   Little laptop.   Rod Palmer.   35,000   sats. No message.   Late Sage Huddl.   This will serve as my weekly reminder that I have a start 9 embassy in my shed that's been plugged in for 2 years, and I still don't know how to use it. Any suggestions for someone to help a moron like me?   Apparently,   if it's not an ASIC, then I can't figure out how to make it work.   Chet.   Love that fucking intro and miss it. And I don't listen to enough of Max. I can't stand that fucking fag accent.   Lmfa0.  

I fucked with a few nodes over the past few years, and start 9 is by far the best.   John.   As I'm listening, I thought a lot about the episode of Citadel Dispatch number 26.   It's worth having a listen back. 1 hour 9 minutes 28 seconds is a good start.   Zelko's influence on the space cannot be ignored. His consistency and integrity   are commendable.   I think this exchange between Zelko and Matt had a lasting impact.   Expatriotic.   As someone living in China, I need options that aren't TAW dependent.   Looking forward to the latest version of Start OS.   Just bought my Akuto Dojo with me to China. I built it last year and never used it because I wasn't able to maintain it, and it was at a location with intermittent Internet. I'll repurpose that to test our OS, but I may wait till the new version is live so I have more networking options.  

And finally, Huxley,   really enjoyed the convo, especially the salt stuff   and details on the new router.   I reckon Start 9 have the best software to self host.   I run it on an old mini PC, and the uptime is great. I can't wait for the improvements to access it and to have a distributed   but connected fleet of personal servers.   Thanks again to all the boosters.   I would read you all. But, otherwise, we'll never get on with the show.   I suggest to people who aren't already on Fountain or the other podcasting 2.0 apps to go and download it. You can read through all the other comments   and get involved.  

Thanks for everything, and enjoy the show.  

[00:06:28] Unknown:

Hey, mate. How are you doing? Good. How are you doing? Can you hear me? I have a, crappy,   headphone microphone right now. I forgot to bring my fancy mic with me on this vacation.  

[00:06:39] Unknown:

It is woeful. What are you using? Is it that bad? Oh,   yeah. Terrible.  

[00:06:45] Unknown:

Let me try, let me try this thing built into the, computer.   What about this? Any better?  

[00:06:52] Unknown:

Maybe slightly. Still bad, but I can I can try and clean it up afterwards? I can do a post edit. Okay.   Sounds good. I'm a bit of an artist with all this stuff. Me too.   So you're traveling,   for work or   for work? No. I'm just hanging out at the,  

[00:07:11] Unknown:

brother in law's beach house. I I don't know why I wanted to do a podcast with you while I'm hanging out at a beach house.   But   I guess, you know, I I guess I just wanna talk Bitcoin.  

[00:07:26] Unknown:

Yeah. It's probably my British charm, I'd imagine. You just think, oh, I'd just love to speak to him. I think that's what it is. Yeah.  

[00:07:33] Unknown:

I heard I haven't listened to your new,   your new pod with the q and a that dropped, but I I hear you guys are making some changes.  

[00:07:41] Unknown:

Oh, yes.   Just a little bit. I would call it jumping in at the deep end,   but,   you haven't heard the pod. So No. I'm gonna sort of cover it in there, but it got to the stage with   my Fiat work and family life and everything else that I was just getting really, really sick   7 days a week,   very, very long days, getting, like,   I say, average, like, 4 hours sleep a night. Oh. And I'd done that for a couple of years,   and   I just started having, like, real health issues,   Really, like, my brain wasn't functioning.   It just all was just way too much. I just didn't see the family at all. And then basically, I said to my missus, I was like, look. Something's gotta give here.   I either go into, like, a proper career,   earn some proper money again,   do the smart thing,   but will probably hate it and drop the pod and drop everything with Ungovernable Misfits,   or I take the jump and try and make this thing work and sell some cool in the meantime just to keep us going. We basically were like, yeah. You're gonna be fucking miserable if you go back into,   normally land.  

So let's give it a go. I've, yeah, left my Fiat mining,   trying to, like, take care of myself a little bit, getting into the gym   every day,   cycling every day because I had to sell my car as part of the,   as part of the move. So just, like, trying to get a bit fitter   mentally, physically,   and then   all a 100%   on Undergoff or Misfits   to build it up and make it the best it can be. So it's pretty exciting. Like, me and Q have been talking about doing   more than just the monthly show for ages.   The same on the mining side and just, like, being able to have conversations like this is something that I love doing. And so   I have a good feeling. And, look, at the end of the day, if it doesn't happen,   I'll be fine.  

Like, I get another job or something different.  

[00:09:45] Unknown:

We'll see. Well, I'm excited for you. One of the,   favorite things   that I've been able to do is help rescue Q from his   Fiat career.  

[00:09:56] Unknown:

Yes. And I hear by the way, I hear he has a killer home gym. Oh, yeah. Yeah. He has got an incredible home gym, which is probably why you've seen the state of his calves. That is probably why that guy I mean built like a fucking machine. If I had seen them first, I would have I would have hired him, you know, on the spot.   Just for the proof of work.  

[00:10:19] Unknown:

Yeah. Well, I I have a home gym too. I mean, I, built that out   when we bought a house almost 2 years ago, and it's been the best thing to have that and the sauna. And we just got our new half cow delivered last week. Bought a a second chest freezer. I mean, we're all in on this kind of stuff, you know, the raw milk, and I've been pretty crunchy granola for a long time, but I feel like I'm I'm, like, half out of Bitcoin Twitter and half into health Twitter now. And I'm kinda sick of Bitcoin Twitter. I love following all the health Twitter accounts, and   and I get really bored now with most Bitcoin, you know, related   stuff.  



[00:10:58] Unknown:

Yeah. Yeah. There's so much talk about   time preference   and, like, all this kind of stuff that people natter on about. And then it's like, well, if you get sick, there's no amount of money that you can throw at the situation if you get really sick. And also just, like, quality of life. You just feel better.   You invest the time   and the money,   but it kind of comes back to you because I've always felt like whenever I've been fit and healthy and, like, eating well and doing things the right way, I'll perform better and I do better in the rest of my life anyway. So, yeah, it's it's worth doing. I haven't done the cow thing. That's, that makes me very jealous, like a whole chest freezer   full of beef.  



[00:11:42] Unknown:

That's proper. You actually save a good amount of money by doing it. So Mhmm. You have to shell out, of course, the money up front. But,   I think overall,   it, it's a pretty good deal, and we actually,   get it from   the Amish. I don't know if you are familiar with the Amish.  

[00:12:02] Unknown:

Yeah. Yeah. We cover we talk about them on, the mesh to del all the time because Amazing. Yeah. John, who I run it with, is in that same state, and that's where he was getting his raw milk from. In Pennsylvania? Yeah. Yeah. Yeah. Yes. So we're up in, you know, Massachusetts  

[00:12:17] Unknown:

in the Boston area.   But there's a, there's a Amish farm   network type thing where every other week, they   drive a large truck all the way through   basically, all the way from Pennsylvania   up to,   Boston area and kinda back down, and then all the way down, I think, as south as as DC area. And so if you're living on that route, you can sign up for it. It's like a,   they call it like a member like a health membership   to avoid all the different, you know,   state laws against Yeah. Yeah. Raw milk and that kind of stuff. So you have to sign, like, a waiver with them. You have to pay a one time membership fee, like, a lifetime membership dues in order for it to legally work as a health membership. Okay. And then you can order from them and go pick it up from a delivery site. And so, it's really nice. We stopped doing it for a bit because they there was no delivery site near us. They had moved it, but then they just brought it back. And so we ordered the half cow. We got our raw milk. And otherwise, I have to drive across the border to New Hampshire, which is, like, for me, like, 35 or so minutes north. And it's legal in New Hampshire because New Hampshire is, like, the free state, you know, with all the libertarians. And and so,   so I I do that. So we kinda try to figure it out, but,   yeah, I'm I'm really excited to have the delivery site nearby again and to be able to,  

[00:13:46] Unknown:

you know, order directly from the Amish. Yeah. That's so good. The the Amish are properly based.  

[00:13:53] Unknown:

They're the real ungovernable misfits. They just do what the fuck they want. Yeah. The videos of them building the farms and they they or the, you know, the,   the barns. Excuse me. And they they put up the whole building in a couple days,   and it's, like, extremely high quality. And Mhmm. They just send, like, a 100 guys. They cut the wood on-site. It's all it's all done. And those the videos are incredible to watch. I would highly recommend anyone to search, you know, like Amish   barn and just just be mesmerized watching the,   the video. The craftsmanship.  



[00:14:26] Unknown:

They don't mess around with technology at all, though, do they? So I assume   they're not using any Bitcoin. Is it just cash you have to do with them? So they do use PayPal actually.  

[00:14:37] Unknown:

But Okay. I I it's interesting. I I think that the actual farmer and and who who, you know,   runs the whole operation,   I've only ever spoken with him on the phone.   And   so he does do phone calls,   but I believe they have someone else who's not Amish in New York area   running, like, the website and the web store for them Okay. And actually sending the emails. I don't think you can communicate with, like, the farm directly over email, but they there does seem to be a phone number. So there has to be, like, you know, some level of technology. That's a great point. Maybe I should,  

[00:15:16] Unknown:

should try to orange pill them. I think so. I mean, they they seem pretty well aligned. They kinda do what they want.   They want something that's cash like. I'm sure they don't like the idea of PayPal.   Oh, yeah. And, you know, it just has to be approached in the right way. Like, if it's like the typical, oh, we're gonna orange pill them and tell them all this boring shit about Bitcoin. They're gonna be really put off, But if it's done the proper way, I feel like it'd be a good alignment. And that's something that's put me off buying Mhmm. From farmers and stuff is I only have   my Bitcoin. It's like my own income. So I end up always doing, like, Aldi, which isn't ideal. Like, there's better quality meat, but I can do bit refill.  

I can buy my meat from Aldi, and that works quite nicely. But if there was a decent farmer   that I could buy that and raw milk from, I'd definitely be doing it. That makes sense. I think for the Amish  

[00:16:09] Unknown:

or just for this kind of farm delivery service, you know, the idea of   reducing their fees,   eliminating the risk of charge backs for crazy customers is probably, you know, a good way to approach it. But even more than that, it's probably a great way to say this is essentially marketing towards a very philosophically aligned audience that could significantly   grow the customer base. Because one of the things they struggle with, especially going into   my area and the Boston area, they had killed the delivery site because they just weren't getting enough business because it's really hard for them to get the word out. But you got a really nice crossover now of the Bitcoin folks that wanna be able to buy directly from farmers like this.   And it almost is like free marketing to say, well, we're gonna take Bitcoin, and then you list it on a few different websites that say, you know,   that they take Bitcoin, and that could be a really, you know, good way to approach it. Well, we'll get on that then, mate. We're gonna we're gonna convert them all.  

You're you're doing the thing no one that that the influencers say you're not supposed to do, though. I mean, you're you're spending your Bitcoin,   and you're, you're selling Bitcoin to support your life. I mean, it's a very controversial isn't it?  

[00:17:22] Unknown:

Very controversial thing that you're doing. It's awful. I mean, this is generational wealth. The idea of me actually using the money is   disgusting.   But, you know, we're ungovernable. That's how we do things. A, is what it's supposed to be for, and b,   time is actually scarce. And, like, I've really   realized that now with, like, having a few, like,   illnesses   and also, like, having kids. I'm just like   Mhmm. You know what? Fuck it. I just wanna actually do the stuff I wanna do because I genuinely like you don't know how long you're gonna be around. And, yeah, it's an incredible thing, Bitcoin.   And I'm really interested in the technology and, like, I'm really interested in fucking around with this stuff and, like, annoying smart people like q and a and you and everyone else and trying to work it all out. But if you can't use it and you can't live your life and you can't prioritize your health and your friends and your family, then   I think you're doing it wrong. It's really easy to get into that trap of, like,   trying to think of a number where it could be and what could you have in life. And then if you actually look around, you're like, okay. Life could be better, but it's pretty fucking good.  



[00:18:32] Unknown:

I think   every   early adopter of Bitcoin   is gonna go through that, you know, pain of,   you know, selling some or spending some and,   you know, you just have to be, I think, more stoic and grateful   about it than you I mean, it's still so early. Right? And I   even in the last week, I think, actually, yeah, only a few days ago, I was,   I'd found some old seed words I had in storage that I was almost positive, you know, had no funds on them. But I was,   importing them into, you know, wallet and trying to make sure.   And I saw some of the transaction history.  

And, oh, boy, did I you know, looking at that. I mean, I'm talking, like, 5 plus years old stuff   and   saying like, oh, man. If if I coulda just, you know, held on to this, I'd have, you know, more than double what I have now. But Mhmm. That's just how it goes. Right? And I think for me, it's as long as you have even, like, the the same order of magnitude,   I think I think you're gonna be okay.   So I don't I don't regret it. It's just sometimes it's a little painful, but that's just how it goes. You know? I think I was looking I saw 1. I I think I sold   3 Bitcoin at, like,   $270.  

Oh.   And and I used it to, like, buy some clothing or something. This is probably back in, like, 2015,   I think. Yeah. And that was just brutalizing   to, you know, to think about.  

[00:20:06] Unknown:

Oh, yeah. That's,   that's not fun. But, yeah, it's easy to get, like, stuck into the trap of I think a lot of people   get some Bitcoin, and then they almost put life on hold.   And I think I've been guilty of this to some extent myself.   I put   my art and creation stuff on hold because I was so interested in Bitcoin. Then I put all my money and everything that I could into it and didn't pursue other businesses and ideas that I otherwise would have.   And then it's easy to get into that trap of like,   oh, I don't wanna spend anything because I can't do anything that's gonna outperform this thing. And then if you think like that, even though it might be right, like, you know, it it could be correct, but it's like, if you think like that, you're kind of, like, shorting yourself,   which is a weird thing to do.  



[00:20:56] Unknown:

Yes. That makes sense. And   I feel exactly the same way because, I mean, we we bought a house a couple years ago now and then, you know, got married   several months afterwards.   And there's so much advice that I see   on Twitter   about, you know,   rent, don't buy, you know, never sell your Bitcoin, just wait a few years.   And for me,   I just wanted the the stability   of, you know, owning a home,   of, knowing that I wouldn't have to move in a year or 2 years, having to deal with landlords and rent,   knowing that I was gonna be getting married, you know, the following year   and wanting to just to have that stability,   have a place for   my chest freezers   and, you know, building a gym   and, you know, installing the,   the reverse osmosis   with the remineralization   in the kitchen.  

And,   you know, you can't do that if you rent largely. You can do maybe a little of it. Right? But I just had these goals where I wanted   to have the fancy home networking set up and the security cameras and,   you know, all this cool stuff hosted, you know, at home. And for me, it was a no brainer that, you know, I wanted to buy something, but I did have to sell some Bitcoin for that as well.   And I don't regret it at all because,   you know, it's just a technology. Right? You should be using it to obtain   what you want from life,   and   you should not feel bad about using it to do that. That's what it's there for.  



[00:22:38] Unknown:

You wanted a home, not somewhere to stay.   And that's kind of where I am now is, like, I was involved in property. I sold my properties off. Mhmm. I bought Bitcoin. Financially, it was a good decision.   Financially, it's best to rent at the moment, but it's fucking annoying for, like, all those reasons that you're mentioning. Like, there's stuff I wanna do, but I'm like, if I do it, then actually it's not gonna be worth it because it's not my house. And even if I you know, and I might not even be allowed to do it. And then it, like, never really feels like home because you have inspections, and you might not actually   be able to stay here. And so,   yeah, I'd I'd definitely like, if we get into a position where   we can,   then   I think that's something that we'll do and build it in the way that we want and make it a home. Like, all the things we talk about in the mesh to del in terms of, like, permaculture   and, like, growing produce   and being smart about the way that you have your house set up to make it the most enjoyable and healthy place for your family, that's something that's, like, an enjoyable thing to do. It's almost like a hobby making the home that way. So it's definitely on the list.  



[00:23:48] Unknown:

Yeah. I I mean, I couldn't agree more.  

[00:23:50] Unknown:

Yeah. Well, all you Bitcoiners   who are listening and maybe you're wrapped up in these ideas,   maybe do back yourself and,   don't be so scared   to do anything because you might see, a pump.  

[00:24:04] Unknown:

I don't know if we ever talked about this from early on, but, I mean, I've even, like, when we started this company back in,   when was it? I guess, March of 2020 was when we started.   Right when when COVID started,   we   were   already running out of money   by   the beginning of the following year   in,   q one of of 2021.   And we were gonna start trying to raise, like, our first real funding round. Before that, we had just raised some money from angel investors and, like, very small,   you know, funds,   just over half a $1,000,000   in 2020.  

And I wanted to make   sure that the company was, you know, in a position of,   of strength and don't wanna go into it, attempt to fundraise   with, you know,   almost $0 in the bank account because then you could be taken advantage of.   And so I signed up for Unchained,   and I took out, you know, the Bitcoin backed loan.   And I,   loaned the company   a $100.   And I was I was that was, like, I was so scared, you know, because   if if something didn't work out,   you, you just you just lose all the Bitcoin. Right? I wouldn't have been able to pay back the loan. It's like a double loan. I loaned the company and then, you know, took out a loan to do it. So Yeah. But you gotta do stuff like that. Right? Because you gotta have the confidence in yourself, and Mhmm.   It's okay. Right? Like, that that's the whole point. You're you're supposed to do things like that. Well, following your dreams.  



[00:25:41] Unknown:

Right. We'd be in a much worse situation   if you haven't made that decision.   Me and Q and a lot of people off air sort of talk about this. Like, there's so much   fucking nonsense   out in the space. Yeah. Having   something that is usable   and accessible and doesn't look like a piece of shit,   If you die, then your missus can still actually use it.   All of those things.   Yeah. Okay. There are some other companies out there that do some stuff that's kind of okay, but then they either spy on you or lie to you or sell your data or leak your data or do all this other   stupid   fucking shit   you expect of the fiat world, but not of the Bitcoin world. And so if people don't take these leaps, if people don't say, oh, look. I wanna build something.  

I think it's needed.   What's the Bitcoin space gonna be like? And that's kind of what I've got to with Ungovernment Misfits is like, I don't like most of what I see out there. There's some stuff that's okay, but most of the time, I'm, like,   pretty disgusted by   the way that people behave in this space, especially people who are, like,   telling people that they care about freedom and changing the world.   And they couldn't be more Fiat if they tried. So if you want something changed, you gotta fucking do it yourself.   Is it Michael Jackson?  

I'm looking at the man in the mirror. Is that what I'm looking for? Something like that. Something along those lines. But, yeah, that's it. I was like, you know, I'm gonna be fucking miserable if I believe that we can do something better than everybody else, and   if I believe that we can do something better than everybody else and that it's important.   And then I just go, no, because   I wanna save my Bitcoin, so I'll just do   a stupid fiat job that means nothing,  

[00:27:25] Unknown:

and no one's gonna care about when I'm dead just so that like I can have a few sats. Well, I'm excited that you're doing this you're doing the pod full time, that you're gonna put that work into it because   when I think about   the   ways that new Bitcoiners must be coming into the space and   what they're told to do,   the conversation you and I just had in the last 20 minutes   runs completely counter   to what so many new Bitcoiners   are being told   when they come in. Right? Never never sell.   Everything is fiat, you know, like, including the,   I'm I'm in real estate and, which is I mean, it's kinda true, but it's missing the point, right, about Bitcoin as a tool or a technology.  

I've talked about this before where I think a lot of people come in and they think Bitcoin is the why, but it's not. Right? The why is freedom. The why is sovereignty.   The why is not Bitcoin. Bitcoin is is a how.   Bitcoin is is a tool and probably the best tool. But because it's a tool, it needs to be used.   There's no point of having a tool in your shed   if you're not using it.   I really hope that you just blow this thing up because   I would love for all these new Bitcoiners, especially if, you know, we're in the typical market cycle   and bull market and millions of people coming in. I would love for them to   learn from you and your guests   and not, you know, some of the other, you know, typical   sources.  



[00:29:02] Unknown:

Yeah. I   we're gonna absolutely smash it in terms of work rate and just nonstop   putting out shows and quality and and just stepping everything up. I'm skeptical whether we ever get the   new people in because we are   quite sort of,   I guess, quite technical even though I'm technically illiterate.   We do cover, like, more of the technical side of things generally,   and   it's not feeding them.   Like, we'll never have Michael Sailor on. We'll never have these, like, Fiat shells on because it's not what this is about to us, and that to me is what brings people in. They wanna hear, like, they wanna hear about their bags being pumped. But what I hope we are is people come in, maybe they do a cycle, maybe they do a few months,   and then maybe some of them realize, oh,   some of these guys are fucking retard. So, like, I don't really wanna listen to this anymore. And then people suggest, oh, well, you can come over to Uncoverable Misfits. I think that's kind of where we sit. And also just to   be the people who say, well, we're not gonna yield and just say stuff that we don't believe in, even if it's like the cool, in crowded, trendy thing that gets you into the, like, backstage conference things and the steak dinners, and we don't care about being popular. We don't care about being parts of these groups. And I think that's something that sets us apart because   we don't care about saying   fuck you or calling people out who are doing stupid shit in the Bitcoin space   or lying because   we just don't think it's good enough, and there's a lot of it. And it's like Yeah. Endless.  



[00:30:43] Unknown:

Well, I was messaging you about something I want to talk about   with regard to   the dark Skippy stuff, which I'm sure Oh, yeah. You've heard about. Mhmm. I'm curious what you've heard about it because all of a sudden, it was everywhere in the last, you know, few weeks.  

[00:31:01] Unknown:

Well,   I am lucky enough to have only really heard bits from   q   and Uh-huh. A few others who are more   reasonable   people.   I turned off all my other podcast feeds over the last few weeks as I've transitioned away from my Fiat mining and and been focusing on the show, so I haven't been listening to others. But   my   understanding   from the little bits I've seen is that there's been,   as far as I can tell, a massive overreaction.   It's been used as a way to attack   people like SeedSiner or projects like SeedSiner.   Yes. Cast shade   on   projects that really matter,   and that's exactly the sort of thing   that really gets under my skin.  

It's the sort of thing that if someone is nodding along and allowing   that message to be put out because it gets them engagement, and it gets their bellies rubbed and their balls tickled by their friends.   That's just not acceptable to me. It's like there are projects that are really fucking useful out there. And when people create these   massive overreactions,   it just scares people, and it causes more harm than good.   We covered it a little bit like the basics of it in the monthly that just dropped, but we actually said, well, we're not gonna go into it too heavy because   I've got you coming on, and we're gonna jump into it. So, yeah, I mean, what's your take on the whole thing?  



[00:32:34] Unknown:

I think there's so many   different angles here,   and there's a lot to unpack.   For those who are not familiar with it, though I think everyone's probably   seen something at least on Twitter about dark Skippy.   It's basically   just a new form of, seed exfiltration   method   where   if the hardware wallet   was   running malicious firmware,   then   there's a way where you can choose the nonces that you're using to sign the transaction   so that   the person who wrote that malicious firmware could, just from looking at the transaction   data on the blockchain,   could piece together your seed   and therefore   decide if they want to steal all your funds.  

Mhmm. And notably   could do so even if you had a passphrase   applied   because a passphrase is just essentially adding another word   onto your seed. And so it basically just exfills   the private key, I think, is a very   succinct   explanation   of   this attack. And I don't think we even need to   get more technical   than that. It's just a new form of,   you know, a seed   exfiltration   kind of attack   against hardware wallets.   Now   I think my biggest complaint with it is that,   as you said, it's being used   to justify   or attack   specific   projects or devices, namely SeedSigner.   But it's also being used to advertise   the couple devices   that have   built protections   against it.  

And   it's actually more complicated   to build protections against it   for things like an air gapped   device.   And so you have I think it's it's, you know, Bitbox   and   Jade   that have some kind of anti Excel protections built in. But they're able to do that because they use USB   and or Bluetooth.   And then you have this   explosion of   different perspectives on Twitter.   But, you know, I was arguing with   Matt Corallo, you know, Blue Matt, the Bitcoin core developer. I was arguing with him for hours a couple weeks ago on Twitter back and forth because he was saying that, you know, the only things he would recommend now are   Jade   or BitBox   or one of the multisig   products like Casa   or Bitkey.  

And you know how I feel about BiKi   being a nightmare of a project in so many different ways.   And I have nothing bad to say about, you know, the Bitbox guys, of course.   And, you know, I don't really have anything bad to say about Jade   except that it uses this really weird, like,   cloud based   pin protection.   But Mhmm. That's the wrong kind of message, you know, from a Bitcoin core developer.   And there's just been so much FUD about   this type of attack. And I think it it's broken what is, like,   a core rule   amongst hardware wallet makers, which is   if there's a vulnerability,   do not   inflate   it. Do not spread FUD about it.  

And if it's a real vulnerability,   then report it to   the devices that are impacted,   but never embellish or exaggerate   the effects of it.   And I think what's happened here is that   everyone's forgotten that in order for this attack to work, you have to have firmware   that is malicious.   And if you have firmware that is malicious, there are so many other   ways   that it could get your seed or screw you in some way. Yeah. So this is just one of   many,   you know I was arguing in this Twitter on Twitter, and I was I was just making up new kinds of attacks on the fly   of ways that,   you know, you could steal someone's Bitcoin, you know, if you have malicious firmware.  

And so everyone seems to have forgotten that. And they've all just latched on to   spreading a lot of fear   about this attack, which is just yet another   Xfil attack.   Yes. It's it's very interesting to read about and to think about, you know, how can we mitigate this.   But it was so overblown, and I do feel like it's broken like that cardinal rule where you're not supposed to, you know, make up or exaggerate these attacks, then use it to try to, you know, market your device against someone else's device.  

[00:37:27] Unknown:

Well, fear sells.   It's always it's engagement, engagement, engagement, and then   people tied to projects and   not reporting   honestly because either they have financial   gains to be made or social gains to be made.   And,   yeah, it is. It's it's really frustrating to see. And as you know, I'm not the most technical bloke, but the way I see that is it's like saying,   if someone manages to   walk into a safe,   here   are 5 more things that they could do inside that safe. It's like, yeah. Because they're inside the fucking safe. It's pretty obvious.   They could set everything alight. They could do this. They could do that. It's like, yeah. You don't give physical access to these devices in an ideal world. That wouldn't be wise.  

From what I understand, if you have a secure element,   then that is actually going to   check the signatures anyway   to make sure that the software   that you're using or running is not malicious,   and therefore, that would mitigate it anyway. And   to be belt and braces, you should   really   be verifying software yourself.   And these are the things that, like, the people who   wanna shout about this sort of stuff,   they're happy to do that, but they can't be bothered to actually teach anyone how to verify software or do any of the things that are actually necessary to keep people safe. It's all   just  

[00:38:56] Unknown:

nonsense. Exactly. And so if anything, what it demonstrates   is   the importance of   reproducible   software,   of reproducible   builds.   So we   sign our firmware   with a 2 of 4 signature scheme. So we have 4 keys,   and any 2 keys   need to sign the firmware   for the Passport bootloader   to allow the firmware update to occur.   Mhmm. So it needs to be signed by 2 keys.   That firmware   is reproducible,   which means that when we publish that release and we sign it with 2 of our 4 keys,   if you wanted to go to our GitHub   and download the firmware   and   build it from source yourself,   you will check and see that the hashes match.  

And so you can have complete confidence that that firmware that you just downloaded and compiled   on your local machine   matches the firmware   that you have downloaded   from us,   you know, from our Envoy app or from our GitHub.   And you can see that we've signed that file with 2 of our signatures.   And so if you go and you try to install malicious firmware on Passport,   it will not let you.   Now   we have an advanced user feature that allows you   to load your own key, so you can sign your own updates, if you're a developer, if you're a power user. But by default, we do not let you install   unsigned firmware.  

And so you would have to get physical possession of the device. You would have to rip the device apart. You'd have to rip chips like off the board. You have to go through all these lengths in order to attempt to try to do it. And you're right that the secure element can add protections   against that. Another great thing you can do is, you know, you can enable   anti phishing words,   which are generated through the secure elements. So when you turn on the device, you can check to see, you know, as you begin to enter your PIN, you know, do you see those words on screen?   If they're not the same, then someone's probably swapped, you know, your device.  

But there's an entire category   of   attacks called, you know, evil maid attacks, the idea that you have a maid that, you know, swap that that steals your device and then does something to it and replaces it. I mean, if you're at the point where someone is taking physical possession of your device,   there's so many other things that they could do. Yeah. Drill through your fucking kneecaps is the obvious one. But another one is, like, if it was someone very sophisticated, I mean, you could swap the entire device   for a malicious new device   if they don't have those anti phishing words enabled. Right? You you get them to enter their PIN onto a malicious device.  

Yes. And then you have the real one in your possession. And as soon as they enter their PIN, you just enter your PIN and it's gone. Or, like, if we put on malicious firmware at the factory,   we could just have firmware that ruins your seed generation process.   Or we could have firmware where we say, well, if you push keys 1, 56   at boot, it just displays your seed on the screen.   Like, there's so many things we can do. One example that I gave to Matt on Twitter, which he dismissed   right away,   was you can if it's a USB device, right, like not air gapped, but if you have to plug it into your computer with USB, you could make it emulate a keyboard. You could have it instantly open up to a terminal window   or navigate to a URL in your web browser. Mhmm. And you could just have it type the seed into your computer.  

It might be obvious if it's like opening a window, but if it's doing some quick terminal type thing when the computer is idle, you know, maybe it's just plugged in. You're not there. You don't see it. Scene's gone.   And Matt, you know, had replied to me something around that being nonsense. And then I linked to a post where this exact vulnerability   occurred with Ledger years ago   where someone realized they could actually intercept a Ledger device in its supply chain   and make it become a keyboard so that when you plug it in, it instantly opens a browser, goes to a website, and so on. And typically, what that would be used for was to   take the user to a phishing site to try to trick them into downloading a malicious ledger live or entering their seed, you know, onto the computer. So there's been so many of these kinds of vulnerabilities of, you know, what happens if you can get malicious firmware onto the device. And it's just so disingenuous   to say, well, we've developed this new Xfil vulnerability.  

It affects everyone,   therefore, only by the devices who are not affected.   Like, it it misses so much of the point where if the device has really strong protection against installing malicious firmware and the device has reproducible   builds   or the developer team, you know, publishes reproducible builds,   then you're protected from that and so many other types of attacks.   So that's where I got really triggered because   I was just pretty surprised by, you know, this,   the amount of times that I I I saw people talking about this on Twitter. I think people love when there's a new vulnerability or there's news, there's something to talk about. I'm still trying to figure out how to best respond because we we still haven't responded, you know, officially as a company.   But I think the target   of seed signer here is crazy because   seed signer has a very interesting security model that is different from virtually every other hardware wallet where you can grab some over the counter hardware, you know, is maybe a good way to describe it, and you can download and verify your own firmware.  

You can install it onto the device,   and then you can use it as a signer.   Not as storage, but as a signer.   And that's very cool. There's so many advantages to that.  

[00:44:48] Unknown:

It really pisses me off when people go after them.   I've been covering them on this show since literally the very beginning. Yes. Because   it was the first time I'd seen something where   it mitigated against the attack   of if you're in a country   where   the use of this kind of stuff could have you jailed or killed   and you want to make absolutely sure that you're not having something sent in the post or going to a shop that would be nonexistent in these places,   1000000 different things.   That to me is incredible. And and the fact that it has these   interesting   trade offs makes it perfect to use in something like a multi   sig with something like a passport.  

There's just so many things that you can do with these, and it's frustrating to see them get attacked   when   they're making this possible for people who really probably shouldn't be buying a hardware wallet. And, otherwise, you know, they're risking potentially their lives. So it is annoying,   but it's kind of   expected   at this point. I'm actually gonna have seats on in the next couple of weeks to to talk through some of this stuff. But,   I had a question on the reproducible   builds   Sure. You probably answer. So when you were going through that, you were saying you have these 4 keys, and as long as 2 people from Foundation   sign   that firmware will be accepted by the device   and that everything is reproducible.  

Obviously, I'm like, okay. That's cool. It's reproducible. Somebody could do that, but, obviously, that somebody's not me. I'm never gonna make that from scratch. That's just not something I'm ever gonna do. Is there   either a list of people who go through   and recreate these reproducible builds and check them so that people could you know, for example, like, if   somehow   you and one other person   in   Foundation had been compromised   and then that software went out, I'd always wait to use software anyway for quite a long time to do any updates. But if then, say, someone like Crate Rule then goes, yeah. That's good. I've checked it. I'm gonna be like,   yeah. I trust that then.  

Is there something like that that is happening or some sort of software that does it that is set by   the teams?  

[00:47:12] Unknown:

There's a website called Wallet Scrutiny  

[00:47:15] Unknown:

Oh, okay.  

[00:47:16] Unknown:

That   many people   hate, which is probably good.   Yeah. They're hated by MBK,   but they're also hated by the samurai guys. Okay. So you got this one website   with people that, you know, different parties who hate each other also hate. Mhmm.   That's, every time a new build comes out for all these different wallets, they they download it, they build it from source, and they tell you if it's still reproducible.  

[00:47:46] Unknown:

Okay.   So that's interesting. So if you put out an update,   I can go on there, and I can check and see that they've done it as well. And then it's, an independent,   like, 3rd party   who   is checking these things. So that's like Exactly. Again, belt and braces. So so, really, what you're saying is if I wanna update my passport, I'm gonna look on there. I'm gonna check the signatures myself.   Be like, right. That's cool.   Then the device is gonna check them as well, and it's like, okay.   2 people from the team   have signed this. So I'm like, okay. I'm pretty confident with that then. It's very unlikely that anything is gonna go wrong in this process. But if I wanted to really triple check, then because it's reproducible,   I can check on the website that you just said, and they will have done it as well. So unless 2 of the people in your team are compromised and that other team is somehow also compromised   for that same bit of software,   then it's fine. And Right. Everything past that is kind of wishy washy theater.  



[00:48:53] Unknown:

Right.   And that's separate from checking the code on GitHub   to make sure that there's nothing malicious in the code.   All that's doing is saying,   you know, we're testing   that   this firmware   file that you're about to install   matches   the code that's on GitHub.   Yep. So you have wallet scrutiny that says, yes. We ran through it. We built it from source.   We confirm it's reproducible.   That means that we confirm that, you know, the the firmware file download that we   provide   through our Envoy app or directly from, you know, our support website   matches   what would happen if you went to our GitHub.  

You downloaded Mhmm. The full repo, and then you compiled it.   So that does not say that we haven't made some malicious   change to the actual code on GitHub. Good point. But, of course, you know, all of that is also out in the open. That's the beauty of open source, you know, software.   And I think by now, if a main if a main hardware wallet, you know, was to,   you know, it would be caught at some point Yeah. If they were to make malicious   GitHub commits, and you could probably try to be really clever and do it over years.   But I think it it would probably be caught, you know, at some point. So there's an element of trust to it, but there's also a huge component of all this is out in the open. And so I think,   yes, everything has flaws, but I think that open source process of publishing code, having all the code be in the open,   taking great steps to ensure that the code is reproducible   so that others can check it is just so important. And it is actually harder to make it reproducible.  

The reason is is because there's you know, code has all these dependencies.   There's all these different versions of all these dependencies.   So you might have Python on your computer, but it might be a different version than Python on my computer.   And so when the thing is ultimately compiled, the code, you you know, it's totally possible that   there's something it does the exact same thing,   but the exact file, like the exact bytes, maybe there's something slightly different. And then it the hashes don't match.   And so we've had it multiple times where, you know, while it's scrutiny or someone else or we I mean, we test it internally before we publish the firmware across multiple devices. You know, we try to we build them on different devices, different machines,   and the hashes don't match, and we have to figure out why that   is. And maybe we have to say, well,   essentially, we we provide   instructions   in our firmware repo for anyone who wants to build it from source so that they can reproduce   our build. And there's there's been a few times where while scrutiny tries and it it doesn't match.  

And then we move as fast as we can to make sure that we understand why, and then we make sure that we give them instructions to get it to match or update our process. And I think why a lot of people don't like them is because you get called out for   it. If it doesn't if it if it doesn't match them, it's not reproducible.   And you can imagine, like, MBK getting pretty pissed off that, you know, they're saying he failed the reproducibility   and he's saying, well, they just didn't follow my instructions.   Mhmm. I think the humble approach is, well, then our instructions weren't good enough. Right? Or there's something wrong with our instructions. So that's kind of the philosophy that we have. And our view is if while scrutiny can, you know, download our firmware, file the instructions, and build it, and it's reproducible, then other people, you know, other experts, other technical folks can also do that. Mhmm. Is this something that AI could ever do? Could you ever have an AI that could reproduce these builds?  



[00:52:36] Unknown:

Mhmm.   So   an AI that could   reproduce   these builds   following instructions   if the instructions are laid out in a certain way so you could have different AIs on different servers all checking  

[00:52:52] Unknown:

software that comes out? I think you can. And it's actually kinda funny you said that because I've been thinking a lot about some of that stuff recently,   and we've been having some conversations internally about, you know, what kind of services we can offer,   which, of course, you would have to make sure that if it was anything related to transactions on Passport, right, you'd have to make sure that a transaction is anonymized   before ever using an AI tool or that the AI tool is running locally somehow. Right? Could be on your Mhmm. On your Envoy app on your phone if it's a very basic model. But you could definitely do that. I think for things like firmware reproducibility,   yeah, you could have, like, an AI running that's trained to follow   the steps and   basically just go through the build steps and and give a thumbs up that it was able to get a hash that matches. I think that's very simple. I think you would need some compute because you would need, like, a server that is able to go download and then use its resources to compile the code, but you could definitely do that. But I've been thinking more about even   complex unsolved problems right now in the industry.  

Mhmm. I don't know if you've ever seen, like, a mini script   transaction.   Passport   still does not support mini script.  

[00:54:05] Unknown:

I've not seen a mini script. I know what it is, but I I haven't seen one. They're unreadable  

[00:54:10] Unknown:

by humans.   And so one of my challenges with saying, yes. We're gonna go support Mini Script on Passport   is that   if it's a very complex transaction that you're signing,   you are still using the hardware to sign and so you're benefiting from the hardware being called right offline and so on.   But are you really verifying the transaction details if you can't really read it or understand what it does?   That's a good point. And so it's almost like a form of blind signing.   And to go outside the Bitcoin space for a moment at risk of,   sounding like like a shit coiner here, though I don't even like that word because I'm sure you and I would agree something like Monero, right, is, is an amazing tool. We would agree on that. The Ethereum space has a horrible   epidemic of blind signing.  

Almost every time   you go to sign, like, a smart contract,   Ledger has, like, this famous screen where it's like, I don't I don't know exactly what it is, and I think it's changed. But I saw someone you share a screenshot of it on Twitter from, like, the new,   their new devices, Stacks and Flex, the ink devices,   where you're basically acknowledging that, like, you're just blind signing this thing. You don't really know what you're signing. You just have to click continue.  

[00:55:29] Unknown:

I've not seen those devices   yet. I've only I I used to the first hardware I had was a Legend Nano thing. It was fucking horrible to use, and the screen was so small that even if you were trying to verify anything, like, you have to scroll through forever, and it was clunky and Right. Shitty. So I imagine most people just click through. So the new ones, they're they're still doing the same thing. Yes. So they have a larger screen. They have, like, a 3 or 3 and a half inch ink display   Mhmm. Touchscreen,  

[00:55:59] Unknown:

but they're still doing the same thing with blind signing. And I'm actually worried that Bitcoin is gonna face the same problems because everyone's talking about scripts and contracts on Bitcoin.   You know, there's all this talk for   o p cat or, you know, some of the other stuff where you can have much more complex Bitcoin transactions and contracts.   Mhmm. And I do think that's the future personally. But   I'm worried that we're gonna have the exact same problems that the larger crypto space or specifically Ethereum space has for this blind signing where you don't really know what you're signing because it's such a complex script   or contract.  

And I do actually think that there could be an AI service here where, you know, you could potentially have an AI that is able to actually analyze the script, right, like the mini script, figure out what it's doing, and let you know if you're about to be screwed.  

[00:56:53] Unknown:

That's interesting, actually. I wonder if something like start 9 could put some sort of AI that runs locally that could do that kind of thing? Because that sounds   like a pretty big problem to be blind signing things.   Yeah. I've not heard anyone actually   mention. This is the this is the thing that annoys me. Right? We have these sort of conversations,   and it's like, that's the first time I've heard anyone   thinking about that. And, yeah, you hear people saying about OPCAT and all these things and, like, back and forth and should we and shouldn't we and blah blah blah. And I kind of stay out of it because I'm like, well, it either will happen or it won't. And I don't really have a huge amount of sway on that, so I'll just see. It's out of my level of understanding, like, what these things can do   in terms of, like, what the knock on effects of changes can be. Because it's always like well and good saying, oh, we can do these new things. It's like, yeah, but what does that open the door to? But those conversations go on endlessly,   and these sort of stupid attacks on seed signer and everything else is which is completely retarded. But no one's talking about that, which would be a major issue. Is this something that you've thought about   within Foundation   that you guys could do potentially?  

Yes.   Okay.  

[00:58:09] Unknown:

And, you know,   we've been quietly working on the next gen   device   for 18 months now, and I still can't talk too much about it. Q and a, he still won't tell me anything.   No. I still can't say too much about it. But I'll say, one, it it I don't think it's gonna compete with the current passport,   which is gonna be really interesting.   And I think it's gonna we're gonna try to compete with,   I don't wanna say too much.   But it's a I'd say it's a it's a new category of device. Firstly, we're not gonna call it a hardware wallet. So that's something that's interesting.   It's its own operating system. It's it's,   it's not built with any   based on any existing hardware wallet that's out there.  

Okay. It's an operating system we've been working on for also about 18 months, which is really exciting.   And we're gonna try to have a tighter link to Envoy on the phone. And so we're definitely thinking about these kinds of, like, services   offerings   because Mhmm. You know, I think it's kind of a cliche within the hardware   world that,   you know, you want to be able to have some value add services   that people want to pay for. Yep. The thing that bothers me is that   when you you buy, like, a device and it it you're required to pay monthly for some,   like, for some service or subscription   Yeah. Everyone hates that.  

But if we can create some offerings that you want to pay for, right, because you're getting so much value out of them,   it would help us. Right? Because it allows us to grow more as a company, to have more sustainable revenue,   to not just be selling a device that you keep maybe for 5 years. Right? And and that's a onetime   purchase from us. So we're thinking a lot about those kinds of things and,   you know, what we can do with,   either the current, you know, passport hardware or future devices that we make. And Mhmm. We have a couple interesting,   you know, services ideas.  

But a more new one, I don't even think I've talked to to q about it because,   I think he was he was on vacation   when, we were we were talking about it a little bit. But, yes, like an AI related one. But it would have to be very privacy preserving,   and it would have to add   a lot of value. But one thing I kinda wanna do is I kinda wanna turn q and a into an AI.   You know, I want, like, that always Kind of is. Always available,   happy, friendly, knowledgeable robot within our mobile app, right, for all your,   all your Bitcoin,   questions. Oh, that would be really nice. Yeah. Like an animated little q and a. Especially, if it can access all of your transaction data without, you know, wrecking your privacy because it's it's, like, on device or at least some of it, you know, is on   running on your phone because your transaction data is already on your Envoy app, right, if you're using Envoy. Yeah. Yeah. Yeah. And then you could ask it even questions about   what you've done. Right? Or you could ask it anything. And so I'm really interested in that kind of stuff. And, you know, I would love to do something there, but, that would be probably sometime next year. But, yeah, we think a lot about, you know, about this kind of stuff. It makes sense because I've often thought that. I'm like,  

[01:01:34] Unknown:

being a   hardware   manufacturer   is a pretty tough business, it seems, especially   when you're, as you said, making stuff that people will most likely   keep for 3,   5   years, that kind of thing, unless you're just pushing out devices   with, like,   oh, we're now doing an orange one or, like, pointless shit like that   just to sell more stuff because people might go, oh, that's cool. We always say on the show is, like, get some hardware that you understand.   Use it regularly.   Don't keep changing and fucking around and flipping to the newest thing all the time because that's where mistakes are made. Just get comfortable   and practice.  

With that in mind, it's like   how many   passports   is one person gonna buy from you? Okay. They might do, like, 1 and then one as a backup.   You know, they might do   3 or 5 because they're doing a multisig, which mean q and a just covered that you guys are gonna be doing that. Like, he's gonna do some little robot hand holding, which I think is really cool. But I guess that's kind of probably the limit. They buy them and then that's it for 3 to 5 years. So those kind of services   really do make sense because   people do want stuff that makes their life easier,   and this stuff   can be   a little bit complicated,   and it's   crucial. Like, it's vital that people get it right. So, yeah, I like that. It's a good idea.  



[01:03:03] Unknown:

It's funny. Amongst the hardware wallet industry,   there's been very few attempts at services,   which is crazy because if you think about, you know, Apple with the iPhone, let's say, almost every iPhone user is paying for some service. Usually, it's like Icloud   Oh, yeah. I know. Yeah. Storage space.   Or, now there's now they're getting sold kind of tangential things. Right? Like, there's fitness and TV and   games. But for most people, it's Icloud because they find so much value in being able to back up everything   on their iPhone.  

And it's an amazing service, right, that you could get this these instant backups. And if you lose your iPhone,   you just have everything redownloaded   to it. And now, I mean, you could even make it end to end encrypted. You can opt in to their,   you know, I forgot exactly what it's called, but something like advanced security,   and it's all end to end encrypted,   every single thing. And that's incredible.   And,   you know,   within the the hardware wallet or even just Bitcoin or related hardware world,   there's very few services. There's there's one business model that works,   which is the ability to   buy Bitcoin or buy crypto   from within   the   companion application.  

And we recently added that as well.   Yeah. I saw that. And we have some alternative peer to peer, you know, options on ATM map and Azteco voucher. So we're trying to balance it out. Right? But,   you know, Ledger,   Trezor,   and most of the others that have an app, they allow you to buy or swap crypto. So that's a pretty sustainable business model. Otherwise, there's only one other service   that I can think of   which has been a complete and total shit show of a disaster, right, which is Ledger Recovery.   Oh my god. Yeah. And that's the only other service that's been attempted, I think.   And, you know, I I bought these new Ledger devices,   the Stacks and the Flex   for the company. We preordered the Stacks, which is that, you know,   3 and a half inch ink device   that was designed by Tony Fadell who made the Ipod and Nest.  

And they made a huge deal of him making that, and they they presold it. It took a year and a half to ship from   preorders. They had these horrible delays, and it's just there's so many upset customers, and it was $279,   and they they raised it to 3.99   last month at the conference. So the thing has been a mess of a product for them. But the thing that really stood out to me   was   on the onboarding.   They still have 24 word seeds   even though it pretty much everyone has migrated   to 12. You know, we had put out a really good blog post last year about why 12 words basically offer, you know, the same security as as 24.  

[01:06:06] Unknown:

I read it. You know what's disgusting, though? And I I actually feel bad for myself and my stupid little brain. I read it. I was like, yep. That makes sense.   It's pretty damn secure,   and I still just can't get over I I still   every single time I make a new seed, I have to do 24.   I have to do a passphrase on top of that. It's just something ingrained in me where I'm like, 12 is less, not as good. Well, it's okay. You're you're,  

[01:06:39] Unknown:

you're allowed to opt into that. Right?   But I think with Ledger, what I what it felt like was the whole onboarding experience with seeds felt as clunky as possible.   Like, they had this big screen, but they show you one word at a time, and they make you verify one word at a time. And then the whole time in the app, they're pushing a free trial of Ledger Recover.   Mhmm. And so I think what happened is I think they intentionally   made the whole seed backup and   onboarding process as   difficult as possible   so that most people would just opt in to this Ledger Recovery service where they ask for your driver's license.   They   take your seed. They split it up, and they and they send it through their app to 3 different   custodians,   basically, custodial providers.  

And to get your to get your money back or your seed back, you need to provide you need the KYC, basically,   and it's tied to your identity.   And they're really pushing that in Ledger Live, you know, during the onboarding process.   And it kills me. And I'm I'm sitting here thinking, you know, for a while, like,   the only services that people are doing, that companies are doing are either, you know, buy crypto in the app   or this horrible attempt at, like, a backup service.   But I also understand   from their perspective   why they wanted to do it. Right? Because they want that monthly recurring revenue,   and they also want to make it actually easier   for completely new users   to get their hardware wallet and be quickly set up without having to write words down, you know, on a piece of paper. And so I I really understand it. Like, I understand   the reason why they wanna do it. I understand the the business model reason, right, to get the subscriptions.  

But what they ended up doing was just horrific. And the market, you know, knew that. Right? And there was this incredible   reaction   to it, you know, as soon as it was announced.   Or actually, it was leaked by mistake and then announced. Mhmm. And we're thinking very deeply, and we will have some cool offerings about, you know, how do we fix that same problem of the onboarding,   and then also allow users to sign up for, like, an optional service that makes it even easier,   but crucially   does so in a fully privacy preserving and sovereign way. So I'm sure when we announce all that stuff and we announce new devices and everything,   I'm sure I'll be on here, you know, showing it to you and trying to convince you why it's, it's designed in the right way.  

And they're gonna say, just shut up. I'm gonna keep using my 24 word seeds, you know, buried,   buried under ground.  

[01:09:28] Unknown:

Keep it simple.   I really don't like fucking around and changing stuff too much.   It scares me, and it I think it should scare people.   Things will change. I think it's like some of it is like the old school.   I came in and was taught a certain way.   This is how you do it. So when people start saying, oh, you can share me the secret share, and you can split this, and you put this on a this and do it. I'm like, no. I like steal. I like 24 words, and I like passphrases, and I have, like, a certain thing that I like. I am starting to come around more and more to multisig   stuff. I said to Q, I probably will fuck around and set something up and test out his skills,   see what customers are gonna be getting, how easy it is, but I'm sort of coming around a little bit to that. I think my main concerns with that were just, like, standing out in a crowd because transactions are different. And I think that's the thing where I was like   it wasn't, like, so much the technical side because, like, I know there are smart people who will help me, and I know it's not really that difficult if you're using something like Sparrow anyway. And I know there are a lot of benefits, but it's just still that thing where I'm like,   I like my privacy.  

That's the thing that puts me off.  

[01:10:45] Unknown:

Yeah. I think,   multisig   makes a lot of sense right now in its current form   for   organizations   or multiple users   where you need   multiple people   to sign   a transaction.   And the trade off, of course, is   an on chain footprint   and higher transaction fees.   That's gonna be changing with Frost   Mhmm. And   maybe some other new technologies.   But specifically, Frost is pretty cool because   you can have no different on chain footprint and   the same   fees   that you would get from a single sig transaction.   And you can make changes   to that multisig quorum   without having to sweep your funds.  

Mhmm. And that's where I think things will go. And I think when that's a little bit more mainstream,   you'll probably see some products.  

[01:11:44] Unknown:

It's like one wallet using it now, isn't it? We covered it, I think, on last monthly.   Who was it who did it? Is it Cake who did it? Or was it No. So the Cake did silent payments. They did silent payments. Who did Frost? There's like one person who would implement it. I'm honestly not sure. We did cover it, but I think it's, like, literally one wallet that has it at the moment. But, yeah, I think you're absolutely right. Like, once that isn't an issue, you can hide in a bigger crowd and the fees are different.   It makes sense  

[01:12:15] Unknown:

pretty much for everyone. Yes. And then it would also be essentially free for us to do cool things like you have a key on Envoy. You have a key on passport. It's just always a multisig.   Mhmm. And then if someone steals your hardware wallet,   they don't have your phone,   so your funds are still protected. There's some downsides there. Right? Like, if if you lose access to that envoy key, but maybe you have a third key sitting somewhere that's recovery and you could do that pretty well. And then all of a sudden you have,   one sides to doing it, but you have a lot more security.  

My biggest downside with Multisig today, especially the way it's implemented with some of these Multisig   services,   like the 2 of 3 multisig offerings of which there's a few different providers,   is that they treat the keys as disposable.   And so if you lose one of the keys in your setup, one of the signers,   no problem.   We'll just bring in a new signer. We'll create a new 2 of 3 multisig, and we'll sweep your funds from the old multisig to the new multisig.   Sweeping funds   is   probably the most horrible thing you can do for your on chain footprint because all of your UTXOs   get commingled,   and then you get this big fee. And if you want to do individual   if you wanna move your UTXOs individually, the fees can be astronomical.  

Yeah. Right. And so that's just what these services say to do. Right? You lose a lose a signer. No problem. Just sweep your funds. And Mhmm. To me and to, I think, the company, that's like an untenable   ask.   And so especially we we put so much work into the, coin control features of Envoy   with tagging and and making notes for your transaction.   As soon as we feel comfortable that we can do something   without all those, you know, penalties or trade offs, I think we'll do it. But until then, I'm still an advocate of, single sig as well. I have a request for Envoy, please. Sure. Sure. Yeah. Go ahead. Is it possible  

[01:14:16] Unknown:

to have,   when I'm labeling transactions,   to have more characters than I currently have? Because I don't know if it's just the way I label or not, but I often   have to, like, shorten things to a point where   it doesn't really like, I know it makes sense to me now, but then when I go back in 6 months, it doesn't really make sense. So I do a second   backup on Sparrow, and I write things out properly on Sparrow because I don't know what the character   length is. But it's like, if I wanted to write, for example,   sent from q and a   for   I wanna write biz, I I can only write b. So then I'm like, how do I re rewrite this? And so I don't know if it's like a may it might you might be like, oh, you just can't do it, but it would just be a nice  

[01:15:03] Unknown:

Are you referring to   the tags where you can kind of have, like, folders   for your   UTXOs, or are you referring to the notes field where you're you're actually making a note for a transaction?  

[01:15:16] Unknown:

Yeah. On that first page where you'd have, like,   incoming transactions   and, like, a list in sort of,   day order   in there if I was to actually put a note on that transaction,   not in the, oh, what do you call it? It's not folder you call it. We call it tags. Coins or Yeah. That's it. Yeah. I think the tags maybe doesn't have such a character limit. I can't remember, but it's happened a few times on the other bit, and I've been like, ah, and then I go over to Sparrow and I write it on there as well just so I have it. We'll have, we'll have q and a follow-up with you on that. We'll see if he's listening. I'm not gonna say anything to him.  

[01:15:54] Unknown:

Yeah. Making work for him now. Yeah. I'm gonna say, you know, Q, we we got a to do list item for you in the pod.   You you get to listen to my voice for a whole hour 20 to find it.  

[01:16:09] Unknown:

Oh, good. I gotta, wrap up the Well, yeah, you've got you've got things to do. It's been good to catch up, though. I like that we got to talk about some sort of, health and wellness stuff as well. That was nice. Yeah. I'd love to join you for that at any time too. I know you have some of these other pods. We we talk about that stuff. I'm,  

[01:16:29] Unknown:

I should just start posting about that stuff on Twitter. Right? I'm, You should. Yeah. I should become a health influencer.  

[01:16:34] Unknown:

It's much more interesting than a lot of the other stuff that's going on, and,   we'll definitely do some of those, especially now I'm trying to get into my health and fitness, and I need to bug you about water and,   putting these filters in and all these kind of things because I'm I'm going down all these rabbit holes. So we'll definitely do that, mate. Amazing. Well, I'm really excited for,  

[01:16:56] Unknown:

for you doing this thing full time, and I'm I'm looking forward to, listening to your new pod that just came out today with, with q and a. So,   Nice one. Excited to do many more of these.  

[01:17:07] Unknown:

Definitely. Well, enjoy, enjoy the beach, I think you said, that your brother Oh, yeah. And,   Yeah. Have a good time and, yeah, enjoy the holiday. We'll chat again soon. Thanks, Matt. Cheers, mate.   Thanks for listening. I really hope you enjoyed that as much as I enjoyed recording it. If you haven't already, then jump on to ungovernable   misfits.com   to check out our other shows,   news,   articles,   clothing,   and much more.   Stay ungovernable.