Hearing this Ledger news makes me chuckle a little, because I have maintained a distrust of vendors hawking “HSMs fix security” consistently.

BDFL of Quilibrium, Eng @ Farcaster, ex-Coinbase, always opinionated, never hydrated

/quilibrium

yeah, latter bit is by far the worse IMO. big difference between "if I install untrusted firmware, I'm screwed" and "if the new feature doesn't quite work like it's supposed to, I'm screwed"

I think the thing that’s ruffled so many feathers about it is that people felt like there was an implicit contract that Ledger couldn’t export your key and this update gives the device the ability, which is a double-whammy of “actually, they always could” & “just trust that we won’t do it unless you ask”

4 creatives @tfd + @tcm + @tcw + @tfm

{noyore.xyz}

Multisig, MPC, or truly airgapped cold storage, or a combination of some/all

So is a multisig contract like safe the best way to go?