Episode Transcript
[00:00:00] Speaker A: My problem with the core side has been kind of like what we were talking about with the people that are technical and then they don't have the empathy or whatever to understand what it was like before you were the core. People are so dismissive and like the hubris is so, so high that like they're like, they dismiss these people that are not technical but like they understand Bitcoin as money, right? And they're like, oh, you don't understand, like you don't understand how to program in C or you don't like, you don't understand like this technically. And Bitcoin is not an open source. I always say, like my Twitter phrase is, Bitcoin is not open source software. Right.
And obviously that doesn't mean it's not open source, it just means it's so much more than that. Right? It's not just a, it's not just.
[00:00:42] Speaker B: A piece of software.
[00:00:43] Speaker A: Yeah, exactly, right. It is money.
[00:01:01] Speaker B: What is up, guys? Welcome back to Bitcoin Audible. I am Guy Swan, the guy who has read more about Bitcoin than anybody else. You know, we have got a really great show today. I had a chat with Praveen Pereira from Cove Wallet, which is funny, I didn't have a lot of contact or interaction with Praveen before this. It was really just kind of a.
This sounds really interesting. And he wrote a couple of things that I was interested in.
The project he was working on seemed very parallel to some of the challenges that we were having with Pear Drive. And so I was like, man, this would be really fun to get on the show and talk about. And we had a great conversation. Praveen is a really cool guy and a shout out to him and thanks for coming on the show. It was a really, really fun one. We got into all sorts of stuff, really talking about the trade offs and nuance of how do you get an experience that a broad audience and user base can actually intuit and understand? And how do you get that sweet spot of the trade offs between solving one potential risk or one potential problem and leveraging something that has a risk in a different place? How do you judge what is best for the largest number of people to bring self custody in a way that is accessible by the public at large? And that's been a very, very fascinating and interesting problem that I've spent a very long time thinking about. We've talked about a lot on the show and Praveen and Cove Wallet in general and they've come up with a really fascinating balance, I think, to solving that problem as well as in general just having a really interesting tool and wallet. But I just really liked the way he was thinking about it and thought it would be a great thing to just bring on and kind of riff on, get his background and that sort of thing. And it was in fact it was very, very useful. And I've got a bunch of links for things that I couldn't even have been having trouble even digging back up. And so I really thank him for that if nothing else, because I've got like four or five different resources just out of this conversation that I'm like, oh, I'm saving this to go back into later. So shout out and hope you guys enjoy this one. This is going to be a really fun one. With that, a quick shout out to our sponsors. Ledn.io for bitcoin backed loans, to Synonym and Pubky, that's P-U-B-K-Y dot app. They have a set of tools for re-decentralizing the web.
I talk about them a little bit in the show but if you are a builder you definitely need to check out the tools that they have available.
Getchroma.co, I still have a discount code, Bitcoin Audible gets you 10% off, and then lastly the HRF and the incredible work that they do with the Financial Freedom Report. Subscribe to that newsletter. Check them out. They are an invaluable resource for the stories and the tools for fighting for financial freedom around the world. And of course bitcoin's at the heart of that. So links and details, goodies, discount codes, all that stuff right down in the show notes and I've actually got a lot of really cool stuff, bitcoin board game that I'm in love with. I just love playing it. Discount code for that. I just got a discount code for CrowdHealth, literally, and I'm going to have this available on the website too, which we're launching literally any minute now when I actually have the time to go and spend an hour on it. But I will have all of this stuff available on the website. These are all services and tools that I use specifically and I try to get affiliate codes for it and it's a huge help guys to it does wonders to help out the show. Not only to just share it out and everything but if you just use my links and almost all of them come with some sort of a discount and don't discount discounts.
But yes, check them out, links and details in the show notes as well as on bitcoinaudible.com, and with that let's get into today's show.
This will be chat 156 sovereignty built simply with Praveen Pereira.
Well, dude, Praveen, welcome to the show. Welcome to Bitcoin Audible, man. It's good to have you.
[00:05:20] Speaker A: Thank you. It's good to be here.
[00:05:23] Speaker B: So, dude, let's actually start about. Because I don't really know much about you. I've just kind of like bumped into some of your stuff recently and I saw, I saw the wallet and you know, we had a little interaction with the, you know, talking about the backup stuff because, like, there's. There's still a lot of kind of like base frictions, I feel like in, in the bitcoin space or, or with bitcoin tools. And there's a lot of really interesting projects and ways of thinking about how to get around that for, you know, quote unquote, your, your normie audience, so to speak.
And so I really wanted to just bring you on and get your take on it. But let's start with kind of how you got to where you are, you know, what made you a builder, what made you want to build and like, do a project like this. And the bitcoin space wallets are a historically very painful and long slog without much. Without much monetary return. So I respect anybody who does it.
[00:06:29] Speaker A: Yeah, yeah. I mean, so I got into bitcoin, like properly got into it. I would say, like, I consider it late, like 2000s. It was really Covid that got me into it. We can go into that if we want, but I think most people understand what I mean by that.
And yeah, so I was a developer too, obviously back then. And you know, as you're a developer in bitcoin, a lot of your friends and whoever says, like, hey, you should work in bitcoin, or, you know, have you thought about working in bitcoin?
Whenever that came up, my thing was always like, I don't want to build or work in bitcoin just to do it, you know, because I, I like my job. I liked. I. I was doing a lot of contracts. So it was very interesting and moved around a lot of interesting stuff, helped startups, um, like, get going and just interesting stuff. I like it. Right? So I wasn't trying to. I wasn't looking for something new. And my thinking was always, if I find something, if something finds me, if I find something in bitcoin that I find to be really interesting or that I really feel like I can bring something to it, then I'll do it. But I, I won't I don't want to just like, look for a project to do just because I want to work in bitcoin. Right.
Owning bitcoin was enough for me.
So I think how this really started was I, you know, I was on Twitter, obviously, but people saw me as a builder, I think, when Francis wanted some help doing BBQR implementation for his wallet and one of my friends tagged me in and being like, hey, just do this, right? So I was.
Had some time. I'm like, hey, some extra money, why not? I did it.
And from there just different people reached out and like, this was something that some people asked, hey, like, have you thought about doing a mobile wallet? And my initial reaction was like, yeah, I mean, I had thought about it, but like, I didn't think there'd be any real demand for it because when you think of wallets that you think of that as like the most saturated space.
There's so many wallets already. People love the wallets that, you know, they use.
But the more I thought about it, the more I thought, hey, like, this might be something I'm interested in because I used a cold card and I use Sparrow, but I also use Green Wallet on my phone, so. Mm. But I was never able to actually, you. You couldn't use Green Wallet with your cold card because basically, realistically, it was only possible to use it as a hot wallet. So I was doing those two things and basically the idea was like, hey, we, there are lots of great lightning wallets, there's good multi sig wallets, but there isn't a good simple bitcoin wallet that will work well with hardware wallet. Right? That wasn't true and I agreed because I had the same issue. Green Wallet was my favorite, but I couldn't use it with my hardware wallet. So long story short, I guess that's how I approached it. And that is the guiding philosophy of Cove. Because, like, so right now, proud of the UX and UI I've achieved. So, like, some people want, hey, like, are you thinking of doing multisig or are you doing lightning?
But my answer is always for that is no first. You know, like, I start with a no because the reason I'm able to focus on the UI and UX of Cove and like, make it really simple is because it doesn't do too much. If we brought in lightning and multisig first, it would make the UI more cluttered and there'd just be too many, just too many things to work with and it would, it would make it less simple. Right. So. And also it would just make the surface area. There would be more things I would have to work on, so which means less time I could really focus on on the ux. So.
Yeah. So for that stuff I say it's. It's not never. But if I can figure out a way to make it simple and when I do all the other stuff I still want to do then, then maybe.
[00:10:47] Speaker B: What are your general thoughts about lightning?
[00:10:51] Speaker A: Yeah, lightning is interesting.
I use lightning, but I usually just use. Just use Custodial because to. To be honest, it hasn't been easy. Honestly. One thing I've been really excited by recently is I don't know if you've seen it, but Money Dev Kit.
[00:11:09] Speaker B: I did. That rings a bell. I definitely have seen something about it.
[00:11:13] Speaker A: Yeah. I would say their, like, really quick explanation would be they're trying to be the Stripe but for lightning.
[00:11:21] Speaker B: Okay.
[00:11:22] Speaker A: And they're. They managed to do it self custodial. So the guy working on it, Nick, he, you know he's. He's worked at.
[00:11:29] Speaker B: Is that Nick Slaney?
[00:11:31] Speaker A: Yeah.
[00:11:32] Speaker B: Looked it up.
[00:11:32] Speaker A: Yeah, yeah. He's been at. I think he was you know, high up on the Block side doing their lightning stuff. So he has lots of experience with the hard parts of lightning. Right. Like liquidity management and all that stuff. So if anybody can pull it off, I think it would be him. And so far the stuff I've seen from them is like been really interesting and I like how he has. He seems to have a big focus on like making this easy for vibe coders. So I want to try and spin something up with that. Maybe, maybe like I don't. Things I was thinking were like, like a donation page for Cove or better yet like, like a feature request page where you could like the more like you pay, like the more use app, the higher that feature request comes. Something like that.
[00:12:15] Speaker B: Yeah.
[00:12:15] Speaker A: Yeah. So yeah, Lightning so far basically just use Custodial. But I think, I think you know, there's stuff that's interesting. The Ark stuff is interesting. I know it's not like just straight up lightning, but.
[00:12:28] Speaker B: I kind of put them in the same category. Like they're.
[00:12:31] Speaker A: Yeah, yeah, maybe we can get there. But I mean even in the current state though, I think you know it's a huge win. I like Lightning. It's just, it's just not the right. There's like lots of great Lightning wallets and that do different things. It's just not the right fit for Cove. You know, Cove doesn't need to be Everything for everyone.
[00:12:50] Speaker B: No, I, I, I totally agree. I have gone away from the all in one solution.
Granted, there was, there was never really a time where I like, I think iTunes when I was younger took me away from the whole idea of the everything app. Right. It's like this is just an astronomical mess. Like everything doesn't have to do everything.
But I have increasingly. The more and more I've I guess just grown and used stuff. I just, I want stuff to do one thing, you know, Like, I just want to do one thing and I wanted to do it reliably and, and in like a very simple ux and then that's it. Like, I just want it to stay there and doing its thing and continue to work for me for as long as I need it to.
[00:13:40] Speaker A: Yeah, it seems like the world goes through these like great bundlings and unbundlings where, you know.
[00:13:46] Speaker B: Yeah.
[00:13:46] Speaker A: Like there is Netflix and then or like there's like cable and then like you split them out off into Netflix and all that stuff and now the just paying 100 different subscriptions. But not the same thing. But. Yeah, but we seem to be doing that.
[00:14:02] Speaker B: I get what you mean. Yeah.
[00:14:03] Speaker A: But yeah, it's just much easier to do one thing really well than try to do everything right.
[00:14:09] Speaker B: And specifically you get really, really good at doing that one thing when you're hyper focused on it.
[00:14:15] Speaker A: Yeah, yeah, exactly. I mean, you could say the same thing for bitcoin. Right. The reason bitcoin is focused on being money, not JPEGs and whatever.
[00:14:23] Speaker B: There you go.
[00:14:24] Speaker A: Smart. Whatever Ethereum people call it these days. Right. And bitcoin is the best money because we're not trying to be. I know there's people trying, working hard to change that, but that's not what I want. Bitcoin is money and then everything else serves at the whim of that.
[00:14:41] Speaker B: Yeah, absolutely.
It's interesting.
The Money Dev Kit and then Breez SDK and stuff. Like these things are really interesting to me because.
So like we're, we're getting to a place in Pear Drive where, which, which is a project I've been working on for way too long.
But we're getting to a place where we're talking about, you know, getting lightning and zaps and that sort of stuff involved. And, and it really is like, I don't want to touch like from the context of like building a wallet. Like, you're right. Like, I don't, I don't want to the com, the overhead and complexity and like that sort of thing. I want that completely offloaded to somebody else's framework.
But we'll see what the solution or easiest thing is there. That's actually what interested me about Cove Wallet. And I'm curious from the context of backups, and I'm curious because you said that you didn't want to build a wallet unless you felt called to. Like, like that something was like, oh, like this is something I want to do. What was that thing?
[00:15:57] Speaker A: Yeah, I mean, for me the simple thing was like, if I'm going to build something, is, is it has to be for me at least the first thing is will I use this? Because you know, you have these grand plans, but if it doesn't pan out and like it turns out there's no market or it's not as big as you thought, worst case scenario, will have built something that I want to use.
[00:16:20] Speaker B: Exactly, exactly. Build for yourself. Build for yourself. A thousand percent.
[00:16:24] Speaker A: Exactly. Yeah. So, you know, there's all. And, and for the, for that, the answer is yes. Right. So now I used to. My main driver used to be Sparrow and then I would use Green Wallet here and there most like for little stuff. But now like Cove is my main go to wallet. Right. That's what I use most of the time.
So that part is accomplished and you know, there. It wasn't a failure. There's lots of people using it. There's lots of people requesting new features. So. Which is great too.
Yeah. But yeah, I think basically the theory that there is a market for really simple bitcoin because at the time, or even now, main chain is not the hype. Right? The hype is Lightning, Ark, even like Liquid and doing all these multisig, doing all these things together. So like Cove was like. Is the boring wallet. I. I forget who called it, but like the, the boomer on Chain Wallet. Right. And, and I'm. I'm happy with that. I don't, I don't need it to be exciting. I just want it to work and work well for me and others and yeah, that's been good.
[00:17:31] Speaker B: Nice, Nice.
So get me into this.
Like backups.
Backups are, are a thing and for the user, like the, the article which, which I saved but actually did not completely read through the whole architecture and everything yet.
If, if, depending on how far I get through it, it might be worth. It might be worth an audio read, but I don't know, there's some parts of it seem a little technical, so that's hard to do in audio.
But I'm curious what your thinking around this was like, how did you how did you enter and address the problem of backups for like a typical user and give me, give me your whole framework about the why and how for this.
[00:18:20] Speaker A: Yeah, so backups I approached in a similar way to the wallet in that I didn't launch with like cloud backups because from what I knew and what I thought at the time. Well, first, obviously I had to get the wallet completed and do all the basic stuff first. Right. But the other thing was I didn't want to do a half a half assed or half ass is not a good word. It just mean like I, I didn't want to do a wallet or backup solution that I wasn't fully happy with.
[00:18:50] Speaker B: I mean, half ass is, is fair, I think, because it's, it's not even that, it's not like half assed, like the level of attention. It's, it's half ass. It's, it's compromising on too many things for the sake of convenience. You know, there, there, there's a lot of those quote unquote solutions out there, but they present themselves with a pretty substantial risk.
And, and you know, if, if you want to build something new, it's like, why would I build the same thing? You know, so I get.
[00:19:21] Speaker A: Yeah, exactly. And I'm actually kind of happy you didn't read it because now I can, you know, you can hear for the first time and then you can tell me your initial reaction.
Yeah, I mean, I don't want to, on any of the, the previous solutions, anything like that.
[00:19:35] Speaker B: Oh, but they make great clips on everybody.
[00:19:38] Speaker A: I, I, you know, I don't have problems on people.
I don't know if you've seen my tweets, but I, I go at it with the core people. I'm, you know, a lot.
So it's not that but like when it comes to technical stuff, it's just like I understand the trade offs they made, why they made it. Like, this solution that I, that I'm implementing wasn't really possible in a cross platform way until iOS 18.4 came out, which I have an article exactly when that was, but it wasn't too long ago. Right. So, but okay, so to start from the beginning, basically when it came to cloud backups, the solution that I thought was like really good was Phoenix Wallet. So Phoenix Wallet, you go in and you can enable it and they have, but they have all these scary checkboxes saying basically, you know, if the NSA and Apple collude, basically they can take your keys, which is true. And the reason that's true is because it uses, it stores your encrypted backup in iCloud. I think it's called CloudKit. But basically unless you have this specific setting in iCloud backups called ADP, Advanced Data Protection, which if you don't have that enabled, you should go enable it because what that does is it makes all your backups end to end encrypted. So Apple can't, theoretically can't.
[00:21:06] Speaker B: Wait, this is a setting that you can turn on?
[00:21:08] Speaker A: Yeah, it's in iOS iCloud settings, I think it is.
[00:21:11] Speaker B: I'm kidding. I'm going to find that right now.
I'll, I'll, I'll do like a little like 1, 2, 3 steps for people in the comments. So if you're, if you're listening to this, what was the adp?
[00:21:22] Speaker A: Adp? Yeah. Advanced Data protections.
So if you just search in the settings. If you search advance, it should, it should come up advanced. It's in app, Apple account iCloud, advanced data protections.
[00:21:37] Speaker B: There you go.
[00:21:37] Speaker A: Yeah. So is that turned on for you or no?
[00:21:39] Speaker B: Uh, it is not.
[00:21:41] Speaker A: Yeah. So it's, it's not, it's not default, but you should, any, anybody listening should definitely turn it on. Basically it turns all your backups into end to end encrypted backups. So Apple can't, don't have the keys to decrypt it.
[00:21:54] Speaker B: Okay.
[00:21:55] Speaker A: Um, but for whatever reason it's not default. So for the Phoenix icloud or Phoenix backup solution, I think for that, if you had turned that on, if you already had ADP turned on before, that would be end to end. But you know, it's no guarantee.
But you know, for most people's threat models, like the Phoenix wallet solution is actually pretty good. Like, especially if you're a hot wallet. Right? Like you're not.
[00:22:20] Speaker B: Yeah, yeah. You shouldn't be keeping 20 bitcoin on that thing.
[00:22:24] Speaker A: Exactly. If you're worried about the NSA coming after you or Apple stealing from you, like the best solution, just, just get a cold card or whatever. Right.
But still I wanted to see if I could do better.
The next one I saw was the Phoenix. Not Phoenix, sorry, the Kraken wallet.
Theirs was interesting because they made you create a passkey, which I'm like, I was wondering like, what's up with this passkey stuff. However, it was only iOS and then as I was working on this, Bull Bitcoin came up with a pretty good solution.
My only problem with that, it was just like technically complex. There's like a lot of moving parts, you'd have to run your own server. I was not interested in running my own server.
And then also if you're running your own server, that could be like the server can't steal it. But you know, if, if, if the server goes away or you know, the server loses data, then that could compromise your data. Right?
[00:23:22] Speaker B: Right.
[00:23:24] Speaker A: So basically what I came up with is you can create a passkey and then using passkeys, there's, there's a way to. You basically use passkeys to encrypt.
Encrypt data. The nice thing about the passkeys is a, it's end to end encrypted. Right. So there's no settings. It's default, it's end to end encrypted. And iCloud and Apple, if you create passkeys through them, it's also synced to multiple devices. Right?
[00:23:54] Speaker B: Okay.
[00:23:55] Speaker A: Also, if you're using something like bitwarden or 1Password, any of that, they all have passkey support.
That's again with the Kraken Wallet, you're not able to use any of that. It's just basically only on iOS, only if you're using icloud passwords. For the.
As the password Manager, I use 1Password. So when I started using Kraken like to check it out, I couldn't, I couldn't set it up unless I disabled it.
[00:24:21] Speaker B: Gotcha. I have a quick question. I'm going to interrupt right here. Hold, hold that thought for where you're taking this.
Can you give me a rundown? Because I actually looked in the passkeys briefly, briefly.
But I don't know, I don't have a stronghold on exactly how they work, as I understood they were like just kind of like a remote signing rather than an encryption tool.
And I had a short conversation with Perplexity on like the different ways that I could use it. But I mean, you know, obviously AI is, is wrong as much as it is right. And then it will tell you you're absolutely right when you're wrong. So, you know, you have to kind of fight with it a little bit.
But give me kind of the, the big picture overview of the passkey and how it works and, and how it applies to this situation.
[00:25:10] Speaker A: For sure. So yeah, I think that's another reason people have not done this because I think Bitwarden might be doing a lot, a little bit of this. And then I saw the Signal founder Moxie talking about this. But not a lot of people are using passkeys for encryption.
So you're Right. But passkey is kind of actually very easy for Bitcoiners to understand because passkey is just public private cryptography, which is what Bitcoin is. Right.
So in Bitcoin obviously you have the private key, which is your seed words. Right. And then the addresses that are derived from your public key. Right. So usually how passkeys work is when you sign up to a website, you register your passkey, which basically means you give that website your public, the public key from that key.
So when you come back, the, the website says here, sign this message, right, with your private key to prove that, that you are the owner of this public key. Which is basically exactly how Bitcoin works. Right? That's how it works.
[00:26:16] Speaker B: So it's just local keys. So it's no different than. This is the desperate thing that we have needed to adjust the Internet to for a really, really long time. It's just no username and passwords. I mean obviously you can have a username, but like you're not just giving your password over to anything you're signing to prove something.
How does Apple handle that then for a passkey on the local side? Because, you know, that's, as we say, that's exactly how Bitcoin works. Right. But then people lose their seed phrase, you know. So like, how, how is this managed in kind of the Apple environment to, to quote unquote, protect that passkey.
[00:26:56] Speaker A: Yeah, so basically in the Apple side, you're not able to create a passkey or use passkeys unless you have the iCloud account like set up.
The reason being, yes, passkeys are local, so if you don't have iCloud sync enabled, then you wouldn't be able to access from your other devices.
So when it is enabled, the passkey is encrypted locally encrypted using your basically your Apple credentials. So it's still encrypted locally. Client side, Apple can't access it, but it will be available on your other devices.
[00:27:30] Speaker B: Yeah, right.
[00:27:31] Speaker A: So you won't lose it.
But yeah, so that's how it usually works. It's just like a message signing thing. It's a, it's. I don't know if you'd like some people. Like, it's like how you can prove that you are the owner of like, let's say an address.
[00:27:45] Speaker B: Yeah, yeah, yeah. You can do that in a wallet.
[00:27:47] Speaker A: Exactly.
[00:27:48] Speaker B: Usually in the advanced settings, but it's there.
[00:27:50] Speaker A: Exactly. So there's some other stuff to it to other protections that like, you know, to Prove the. Another. Basically the nice thing about passkeys is you can't. It's anti phishing so you, you can't log into a different website with, with that.
[00:28:07] Speaker B: No man in the middle attack, man.
[00:28:08] Speaker A: Yeah.
[00:28:08] Speaker B: Good God, like need that so bad.
[00:28:11] Speaker A: Yeah.
So I think the, like, I think passkeys should be more popular, but I think a reason it's not is this can be hard to explain, but at the very basic level, it's like very simple, right? You just prove that you are that person by signing a message.
But yes, to get to it.
At the very basic level, passkeys have a private key, right? And you can encrypt stuff using private keys. Passkeys were designed not for encryption but for signing. However, there's an extension called PRF, so pseudo random function, that basically uses the private key that if you give an input, will always give the same output. Right?
[00:28:51] Speaker B: Okay.
[00:28:51] Speaker A: So that's how you can derive.
So the passkey private key never leaves the passkey because that would be insecure. But you can create your own key by saying here, you know, for this random string of letters and numbers, give me a different random set of letters and numbers that, that's derived from the private key in the pass.
[00:29:17] Speaker B: Okay.
[00:29:18] Speaker A: Does that make sense?
[00:29:20] Speaker B: Yeah.
Yes. So let me try to explain it back. So is, and, and this, this derived thing is the actual key, right?
[00:29:29] Speaker A: Yeah. So this will be the key that I use in code.
[00:29:32] Speaker B: Yes. Okay. So essentially you have, you're, you're, you're mixing your passkey with another secret in order to create the actual keys to the coins.
Which, that other, that other secret could be a seed phrase or it could just be a random password or a pin or anything like that.
And, and so you're, you're essentially using the derivation. So the passkey itself is the access to recreating that key, but it's not actually the key itself. Understand that?
[00:30:07] Speaker A: Yeah, yeah, that, that's, that's correct. If we're going to start from the very beginning, a private key is just a random string of letters and numbers. Right? So it's 256 bits. So.
[00:30:17] Speaker B: Yeah.
[00:30:18] Speaker A: Starting from there. Yeah. The only thing is that the, the thing I send into the passkey doesn't have to be a secret. It can be a static string. Right? It could be. It doesn't matter what it is because it's just a way of getting a new private key from the passkey without actually getting the passkey secret. Because we don't. Like, we don't. Passkeys would be very insecure if you could get their actual key out of it. Right. You're just using it to make a new key, basically a new random string.
[00:30:48] Speaker B: Yeah, man. Honestly, like just every, every mechanism or like, kind of design that I've come up with this, it just makes so much more sense to, to have key derivations so that you have like hierarchically important keys, you know, because, like, it just seems like that's the only way this is actually solved for people at a, at large scale because it allows you the option to revoke things in certain contexts and it allows recovery and being able to treat the actual place where the keys are created as like super important and offline and, and then the place where the keys are used as online and hot and they can. They, you know, everything in its own place. Um, but anyway, just the, the idea or whatever around this or the, the kind of framework has always been like there has to be a solution there. You know, that's always been the way. I've been thinking about it for a long time now. Okay, so, so then walk me through how Cove uses this.
[00:31:53] Speaker A: Yeah, uh, so I'm still working on it, but uh, basically the design is, it's. It. There's two, two parts of it. Right. So what I just, just described is the passkey is basically where your encryption key is, let's. Let's say stored, right? We discussed how it's derived from it. But, but then what you can do is you take that encryption key and then you can encrypt all your wallets that you have on device. Right now that these wallets are all encrypted with this encryption key. You can store those encrypted wallets anywhere you want and nobody can access them because they're encrypted by this key that like, only you have access to. Right? So which gives us a really nice design of at, at the beginning on I. On iOS, it's these encrypted wallets are just going to be stored in iCloud Drive or like there's, there's all these different places you can store it on iOS, um, and then in, in the Android side like Google Drive or wherever, and these are all encrypted.
Um, so then when the user comes back, let's say with a new phone or they lost their phone, whatever, they just need the passkey, right? And then they, and they need wherever they stored these encrypted backups.
And then with these encrypted backups you can, you know, you can add some redundancy. You can later, like in V2 maybe, store it in not just iCloud, but also Dropbox or Google Drive, wherever you want because you can have multiple copies. They're all encrypted, right. There's less chance of losing it. And as long as you have your passkey and these encrypted blobs, basically you can access your bitcoin.
Caveats to this, obviously it's still. It's not a substitution for a cold hardware wallet, right? Like, this is just a way of making hot, hot wallets easier to use. And you. Like, like just.
I just want to get the users up and running without worrying about it too much and actually having some backups. But ideal. But I really want to guide the user through like this, this journey, right? Like you start off with a hot wallet, it's automatically backed up and then maybe you actually write your hot wallet seed words down just as like, hey, this is like another layer of security for me. I can have it on offline backup and then the user create gets some more bitcoin. They get up to whatever standard is like, hey, this is a lot of bitcoin for me. Why don't invest in a hardware wallet, right? Like that is where I want. I don't want this to be the end point. It's just like a much better starting point.
[00:34:34] Speaker B: It's a better entry.
[00:34:35] Speaker A: Yeah, yeah, better entry.
[00:34:37] Speaker B: That's another thing, man. That is another thing. That. And you know, it's maybe just the, the rage baiting comments on Twitter or whatever. I think it's often referred to as maximalists, but I don't, I don't think of it that way. I think of it as like purists, is that there's, there's a total lack or loss of nuance in like the range of, of solutions to be had. You know, it, it's, it's very much like, like, like there's probably somebody ready to tweet about the fact that you said you use lightning, but you usually use custodial. Yeah, but it's like, but it's like to me, it's like, no, that's a perfect place for it.
And I don't even see that as like a huge trade off because we're talking about small amounts. Like, like the, the degree of concern should explicitly be tied to the degree of risk.
You know, like, like if you, If I have five bucks on a custodial wallet or 20, 20 bucks worth of bitcoin in a custodial wallet, I'M just using it to zap people.
It should get $20 worth of treatment of my time and concern. And if that's custodial, that's not that big of a deal, you know, like my, my cost in.
And if that goes wrong or if they rug me or whatever isn't okay, like, I'll just be like, I cannot believe I trusted these guys. What a bunch of douches. And I'll post it on Twitter or something and I'll get on with my life, you know, but it's like I'm supposed to, you know, and I do, I do. I have a, you know, Start9 and I have my own Lightning node and I have LunaNode and my own BTCPay Server. But still, a lot of times I just use custodial because it's like, okay, who cares? You know, like, I'd have to go connect it to Nostr Wallet Connect, which is like three steps, which is not, sometimes not worth it to me.
But I love the idea of a entry point of getting people from, from 0 to 1 incredibly quickly and incredibly low friction.
And then as they get more invested, leading them to, or giving them the allowance to make the decision or realization and, and directing them through the process of having a hardware wallet or being much more serious about their backups and, you know, that sort of thing. So I don't know if that's like, ever been a sticking point with you or how, how your philosophy lines up with that, but.
[00:36:57] Speaker A: No, I, I fully agree. Like, I think some people take like the, the pithy like one liners, like not your keys, not your coins and then just like turn their brain off completely and don't think like, what does this actually mean? Right?
[00:37:10] Speaker B: Yeah, yeah.
[00:37:11] Speaker A: The loss of nuance.
Honestly, I don't see it too much. I feel like my, my Twitter is pretty curated. If you're going to be that stupid, I'll probably just mute you because.
Come on, let's use our brains.
What are we talking about here with lightning? Custodial Lightning. My thinking is if I'm not comfortable with having this much money in my wallet, like my physical wallet, that's how much I'm going to keep in my lightning custodial wallet. Because like, you always have the chance of some like, losing your like, physical wallet. So you're not going to keep thousands of dollars in there, right? So for me, same thing. There's the right place in time for all these solutions, right?
So like, like Cove, the hot wallet feature, we're not trying to, we're not trying to replace Coldcard or whatever, Ledger, right. We're trying to. We're trying to meet like with this whole backup thing is maybe like some, some people I know that have their bitcoin on exchanges but are too scared to bring it somewhere else. Maybe they might be like, hey, this backup seems pretty cool. It backed up. I don't have anything to worry about. And now I don't have to worry about being locked out of my exchange account and losing all my Bitcoin. Right. So yeah, there's levels that I completely agree with you. Just let's use our brains, let's have some nuance with all these things.
Maximalism is good, but yeah, let's just think about it a little deeper.
[00:38:40] Speaker B: Just give it a moment to pass it through your brain and fire some neurons off and then think about what your response might be or how to apply it.
So walk me through the process. I mean, I think I got the overarching idea, but walk me through the process of like, let's say I set up this wallet and I'm trying to recover it and what are the, what are the relative like kind of attack vectors of this? Because we're encrypting the secret or the, the random thing. I already forgot exactly what it's called with the passkey and then using that and the.
The passkey itself to derive a seed. Is that right?
[00:39:30] Speaker A: No. So it gets a little complicated, the full design. Just because one thing I wanted to do was make like, make it easy to rotate out a passkey. Like what if a user accidentally deletes the passkey or wants a new passkey? I wanted to make it easy. So let me try and explain this. If it gets like too off into the weeds, like, you let me know. But basically the way. And I wanted this whole thing to work with even if they don't enable cloud backup, like I wanted the story to be easy. If they enabled cloud backup later, what will happen is when you open the app, we will create a local private key that's just on your local device. Right?
And then anytime you create a.
And yeah, so that local private key is there and anytime you create a new wallet, when we split store that wallet seed.
On the device, we will encrypt. This part is a little like unnecessary because we're already saving it in the secure element on the phone. But we will encrypt that with that local private key. We just did. But the reason for that will become clear later.
But then if you enable cloud.
So that's like the master key that I'm talking about, that is the master key. It's created, it's just, right now it's just local. Only if you create a passkey and enable cloud backup, what we do is we will encrypt that master key, right?
[00:40:59] Speaker B: Okay.
[00:41:00] Speaker A: Master key with the passkey and then we will store it in iCloud, let's say. Okay, and now that's, now that we have the encrypted master key in iCloud, we can take those encrypted wallets, right, that were already stored locally encrypted, we can store them in iCloud.
So then, so then the recovery process is if you come a clean slate, you start up the app on a different phone. Let's say you see all these encrypted local, not local, encrypted blobs of data on iCloud and you see this one of these blocks, blobs. We say this is the master key, right? So now we have, we'll download all of that. So now on new device, I have all the encrypted seeds and the encrypted master key. Now I just need to go to the passkey and get the decryption key for that master key.
[00:41:54] Speaker B: Okay. Okay, gotcha. Okay, so the, the encryption is the original key that's being used. And then wallet keys are derived from that.
And, and the passkey, it's not derived from it.
[00:42:08] Speaker A: We, it's the. All the wallet.
[00:42:10] Speaker B: It's just encrypted. It's just an encryption key.
[00:42:12] Speaker A: And the reason for that is because that way, um, we can back up imported wallets too. Right? So if we derived.
[00:42:20] Speaker B: Oh, that makes sense.
[00:42:21] Speaker A: Yeah, if we derived wallet keys. Yeah.
[00:42:23] Speaker B: Okay, so that makes perfect sense. Yeah, if you, if you derived them all, you couldn't pull, you couldn't have a backup of, you know, let me import my seeds, let me connect this wallet, you know, that sort of a thing. Now that makes, that makes perfect sense. You want one solution and you don't want to have to build two different systems for two different types of creating or putting a wallet in there or putting keys in there.
Okay. Okay, so interesting. So this is, you talk about this as a universal kind of like backup solution for like a simple wallet thing. Is this something that you've been trying to build or at least it was, it was mentioned that way in the article.
Is this going to be like kind of like a dev kit? Are you just thinking about like, oh, no, this is just a method that people can copy over and use how are you thinking about it in that context? Because honestly, for most wallets this would be better than the default for the majority of people, in my opinion.
[00:43:23] Speaker A: Yeah. So just going back in the story a little bit, the Bull Bitcoin method of doing things is derived from a spec called, I think it was called Pro Proton Spikers. I, I forget Photon Spec.
[00:43:40] Speaker B: I was about to say it says Photon in your article.
[00:43:42] Speaker A: Yeah, yeah, yeah, yeah.
[00:43:44] Speaker B: So I thought, I wondered if it was misspelled but then I was like maybe, maybe that's right. I didn't look it up.
[00:43:49] Speaker A: So when I was developing like this idea, I just reached out to some people I know like, hey, like what do you think about this?
And Justin Moon put me in contact with Tankred Hase, who's the guy that made the Photon spec.
[00:44:04] Speaker B: Okay.
[00:44:05] Speaker A: Yeah. I was telling him about my idea and he really liked it because he, he, he was doing this Photon Spec, but he wasn't in love with it even like either because of the requirement for the third party server. And he didn't know about PRF at the time, which is basically a way of turning a passkey into an ability to do encryption. So he really liked it.
He helped me with some of the stuff I was missing and basically he said let's, why don't we turn this into a spec? Because if you're going to do it for Cove, I'll do it the same way on mine.
[00:44:42] Speaker B: Is that the Stashpay that you mentioned or is that okay?
[00:44:45] Speaker A: Yeah, yeah, Stashpay.
And then I think the idea just being that this is a problem like any wallet developer needs to solve. So why don't we just turn it into spec so that anybody can implement it and we'll do it the same way and then maybe in the future, like I don't know if this will be possible and it's not like an end goal, but maybe if users want to migrate Wallet, maybe they could, like if they're both using the same spec, maybe they can migrate the backup too. I'm not sure. And even if that's not possible, I think still having a spec is valuable just because, because then one thing we want to do is hopefully have some security people review this. Right.
And see is this a good solution. And then if it is, it's just better for everybody to implement the same spec that's been reviewed and all that.
[00:45:35] Speaker B: Yeah.
What do you think the risk is? And the attack vector is from Apple side.
[00:45:43] Speaker A: Yeah. So from the Apple side it would basically be, they would have to be lying about passkeys, they would have to be lying that passkeys are end to end encrypted.
And I think this might be a sticking point for some people. Just because it's not open source, there's no way to actually verify like hey is this.
And maybe you can get some confidence, but there's no way to be 100% sure that these passkeys that Apple creates and shares or syncs with the devices are actually 100% end to end encrypted.
But then you're basically saying that like Apple is lying about all their end to end encrypted stuff and none of it is end to end encrypted.
The other attack vector would be like a denial of service. So if we're only storing on Apple like iCloud and you lose access to that Apple account or like you get locked out and if the passkey's on there, then you could lose your Bitcoin if Apple locks you out.
But there are some ways around it. Well, first thing is obviously we're always going to, like, allow people to do offline backup with seeds, right? So like the seed will like you will like that's like the gold standard. But the other thing about this solution is that it works not with, just with Apple, but like if you're using 1Password you can store the passkey in 1Password, right? And then you could with a V1 we'll probably only let you store the encrypted blocks in blobs in iCloud just because it's easier. But V2 I will give the option of storing in those encrypted blobs in multiple places. Right? So just add some redundancy for losing access to it, but in terms of actually like stealing it, basically, yeah, Apple would be lying about your, the end to end encryption or your phone is compromised in some way. But then like it's a hot wallet so you know, you would have already lost it.
[00:47:45] Speaker B: Yeah, yeah, yeah.
The what's the.
It's like the name is.
It's like a Phoenix chimera. What, what is the what's the what's the thing? The, the pwning software the CIA like contracts out to a bunch of authoritarians.
[00:48:06] Speaker A: Yeah, I remember what you're talking about.
[00:48:07] Speaker B: But if I forget, I cannot remember the name off the top of my head for some reason.
Oh God, this is gonna bother me because I absolutely should know it. It's like, it's like a, it's like knowing an actor that you talk about all the time and it's like, oh yeah, I love their movie. And it's like, what's his name?
I'll think about it before the end of the show probably.
But yeah, if you're, if you're, if that's your attack vector, if that's like your, your risk assessment and you're worried about that, then you should, shouldn't be keeping a hundred thousand dollars on your phone. You know, like, that's really the, that's the concern there.
So that's, that's, that's why I think this makes a really, really interesting.
[00:48:52] Speaker A: Kind.
[00:48:53] Speaker B: Of middle ground that's very safe from. Obviously there's going to be like edge cases and there are big, much bigger adversaries.
The state, the NSA, Apple, like that sort of thing, which this remains vulnerable to. But I think people just don't respect or kind of forget because especially bitcoiners.
And you know, I used to have this. It wasn't until I lost keys myself that I, I was always thinking about, like, oh, okay, what do I do if the police come and bust me down because I'm an illegal bitcoiner? You know, like, like it was. My attack vector was always the big scary, like distant enemies. And it was easy to forget that that 99.9% of your biggest, your biggest enemy is yourself.
Your biggest enemy is your backup. Your biggest enemy is your failure to go through your process or your ritual every single time you make a wallet and then forgetting and starting using it a lot more than you thought because it's just a fun, it's a good wallet. And you're like, oh, well, I was just testing this out. Now there's $10,000 on it. How the hell did that happen?
And, and that for quote unquote, normies for, for new people, that is, that is not, you know, if you can solve 99% of the problem and you know, everybody's complaining about the other 1%, that's a, that's a huge leap forward.
You know, like, it's like, okay, yeah, sure, we haven't solved the whole NSA and Apple colluding problem yet, but damn it, we've solved something.
[00:50:36] Speaker A: Yeah, yeah, for sure.
No, I agree. And like, yeah, I think the thing is, like, if you're worried about the NSA and Apple colluding, the only real solution for that is a hardware wallet, right? Because like, no matter. Because it's not like your backup that would get pwned. It would just be your wallet itself on your phone.
[00:50:56] Speaker B: So they would just overtake your phone and then start doing stuff and you'd be like, oh, oh shit, what's happening?
[00:51:02] Speaker A: Yeah, exactly.
[00:51:03] Speaker B: There was. Who was it that.
One of the big kind of contrarians in the 2020. Actually, no, Tucker Carlson talked about that too. Actually is that I found out that like, like a bunch of his stuff was just like directly spied on and like listened into like through his phone, that his phone was compromised. I spoke to somebody at the Oslo Freedom Forum in.
I think it was 2019.
No, no, no, I had to, I had to do a COVID test. So it was like it had to be 2020 or 2021 when I went just for the travel and all this stuff. But I talked to somebody who was. I cannot remember under what regime it was and what country because I talked to a bunch of people, but they had just, they had been pwned by, by that, that software.
And they're like, yeah, it just, it's just, it just takes your phone.
[00:52:01] Speaker A: Yeah. Was it Pegasus? Was that the name?
[00:52:03] Speaker B: Pegasus. Pegasus, Jesus. Like Chimera Phoenix. I knew it was some shit like that.
[00:52:08] Speaker A: Yeah.
[00:52:09] Speaker B: Thank you.
But, but yeah, just completely like stole their digital world. It just over. And it was apparently like on contract through like US intelligence agencies. And they were just like, it's like a totalitarian regime. It's like, can we use this? And they're like, sure, here's a. Pay us a little bit of money, let us sell you our like invade everyone's rights and destroy their digital world software.
[00:52:38] Speaker A: Yeah, I think Pegasus is developed by an Israeli firm.
[00:52:42] Speaker B: Of course. Yeah, of course. Why wouldn't it be?
Dude, you know, not to get on this freaking rabbit hole.
But, but did you know that this is just a crazy thing that I, that I read the other day and I, I started into the verification of it. I was just like, you gotta be kidding me. This is so bonkers.
You know, if we wanted to make an assessment of, you know, who the bad guys were, like, I feel like a decent metric would be like, okay, who's killed the most kids and innocent children and women and who has manipulated and directly and violently influenced or controlled elections countries all around the world.
[00:53:33] Speaker A: Right? Like.
[00:53:34] Speaker B: Like that would be a decent metric. Like that, that is, that's as, as an American, those are the things in which I am embarrassed about for my government and why I do not think of my government as part of my country.
Right? Like my government is bad because of the things it's done in the past. And that is not me. That is not the, that is not my countrymen, so to speak. That is that is an evil government that has basically taken our resources and done terrible things.
And, you know, the whole, the whole. In Iraq, 300,000 children died. And it's like, who, who the hell was it that said it was like Pelosi or somebody? I can't remember. It's like, that was. That was an okay cost. So sure, that was, that was great.
And I just like, I just like the insanity of that. But I read a statistic that not counting all the suspected ones, but the known, the absolute. Like a person has been politically assassinated from a foreign country to influence or completely control like a political course or whatnot. The number one country that has engaged in more direct political assassinations that are confirmed is Israel is the Israeli government. And I was like, holy crap. And then the number one cause of child mortality in 2025 is the Israeli government.
[00:55:04] Speaker A: That makes sense.
[00:55:05] Speaker B: And I'm just like, like, how do you. What metric do you use to tell who the bad guy is? You know, I just, I don't know. And just. Yeah, this is mind boggling to me.
[00:55:16] Speaker A: The interesting thing about Israel, I think, is that anybody under the age of 55 from both sides of the political aisle is seeming to come into a consensus of what and who Israel is.
[00:55:30] Speaker B: Yeah.
[00:55:30] Speaker A: So that's been interesting to watch.
[00:55:33] Speaker B: Yeah.
[00:55:34] Speaker A: You know, like, the left and the right can agree on anything, but.
[00:55:39] Speaker B: A.
[00:55:39] Speaker A: Lot of politics are. I think a lot of stuff is becoming less about left and right and just like age-based now, like, the boomers seem to believe completely different things from, like the Zoomers, let's say.
[00:55:50] Speaker B: Yeah. Yeah. Which is. It gives me hope. And it's also very, very telling that the issue cannot be talked about or the, the argument cannot be countered. Like what. Like what I just said will immediately. Like, it'll probably get clipped or there'll be a post on something that I'm anti Semitic.
[00:56:10] Speaker A: Yeah.
[00:56:11] Speaker B: And. And I notice that there are no counter arguments that are not. You hate Jews. And notice I did not bring up Jews at all. That would be like saying that, like, oh, I believe America did bad, did a terrible thing in Iraq. And it's like, you hate white people. It's like the.
Like, where did. Where did. How a. How is America white people? How is. Or the United States government Not even, not even America. How is the United States government equivalent to white people? Like, where in your crazy psychotic brain did you establish those two things as equal? And then the same Israeli government. Like, it's a government. Like it's a. Like, like, like, if I said the Russian government did something bad. You hate people who live in cold weather. You know, like, what the fuck are you talking about?
But that'll happen. That'll happen because that's the only argument against it. You can't justify it as the Israeli government has done something good or positive. You have to just. You have to. You have to dodge. You have to aggressively run right around those things and. And scream the goalpost to the other side of the field, because you cannot allow that conversation to happen on a. On a sensible grounds.
[00:57:19] Speaker A: So.
[00:57:19] Speaker B: So I'm. That. You heard it here, folks. Guy is anti Semitic.
[00:57:24] Speaker A: Well, I think what's interesting is, well, I'm living in the States right now, but I'm a Canadian citizen, right. So I have to worry about crossing the border and all that stuff.
But with all that, I wouldn't, you know, I like Trump. I.
Or, you know, I.
[00:57:40] Speaker B: Relatively speaking, yeah.
[00:57:41] Speaker A: Might have changed since then, but, like, with all the border and stuff, I wouldn't think twice about talking shit about Trump on a podcast or even Biden. Right. Or like, just like going in, like, you know, these people, like, like, even having Trump derangement syndrome. I wouldn't. If I had that, I wouldn't. That's not something I would have.
[00:57:59] Speaker B: Think about for your life, you know.
[00:58:02] Speaker A: But now while you're talking about all this, here I am thinking, hey, like, I'm gonna have to cross the border. Like, I'm living here.
How much do I want to criticize Israel? Right? So with the First Amendment and all that, it's almost like Americans.
I'm not. I'm not American. But, like, it seems like.
[00:58:21] Speaker B: Which considering kind of puts you in. Like, in crossing the border, possibly puts you at greater risk maybe.
[00:58:30] Speaker A: Yeah. That's what I'm trying to say is like, I have a greater risk to criticize Israel than I would the American government.
[00:58:35] Speaker B: Yeah. 100% and kind of weird. If you want to know. If you want to know, you know, who controls things.
No, who you can't criticize. Right.
[00:58:45] Speaker A: I have heard that quote before. Yes.
[00:58:47] Speaker B: Yeah, yeah.
Anyway, that was.
Didn't intend to go down that route, but back to Bitcoin and backups. So could this be generically applied? And I'll ask, because we've been thinking about.
I've been trying to come up with a bunch of different solutions to the Pear Drive key problem.
[00:59:10] Speaker A: And can you tell me a bit more about Pear Drive?
[00:59:13] Speaker B: Yeah. Yeah, I guess you probably don't know anything about it, so.
In fact, most people don't unless they listen to my show and I talk about it a lot but it's, it's funny. It's actually kind of intended to solve this problem with iCloud backups is, is I don't trust iCloud generally. I mean I would for like a simple wallet and I mean I do all the time, right. Like I say I don't but I have iCloud. I pay for the extra amount. I do full backups of my phone and multiple wallets right. So like I have quite a bit in Phoenix and I trust them enough to do backups for that. So this would be a perfect solution in the realm of like hot wallets and like how I do things.
And I want to have a solution to make this very easy for users right is I, I want the kind of sign in with Apple option for people.
But one of the things we're also doing is we're, we want the quote unquote ID or the profile to be a Nostr identity.
And this is simply because we looked at Pubky as well.
I looked at multiple solutions actually and it's really just because there's already relay network, there's already kind of like established framework and would it would onboard people without them necessarily needing knowing why or how they're being onboarded and they can already start utilizing things right away commenting on other stuff, liking people's posts and you know that sort of thing and basically gives a social world to this app in a very simple low, low cost way for us as, as builders.
[01:00:58] Speaker A: And is the app gonna be like a backup app or is it something.
[01:01:01] Speaker B: It's a backup app.
[01:01:02] Speaker A: Okay.
[01:01:03] Speaker B: My idea if, if I had to put it into like a a movie slogan would be I'm trying to bring file sharing out of the dark ages is it's super easy to make a group chat.
It's super easy to post a post somewhere on X so that a whole bunch of people can see it. Granted it comes with censorship and trade offs and all these things. You don't really own your content. That's one of the biggest problems right Is that like I have access to a lot of my content stuff that I have saved on or I bookmarked or whatever on X it's like real. It's hard to get it off X. I got. I don't like why, why is. And and one of the crazy things is like somebody can post something on a website and a million people can go look at it and find it insanely valuable and find it like crucial information and they bookmark it and all this stuff and then just that website goes down, just that URL gets taken, the domain goes down or something like that and poof is gone.
A million people have downloaded this on their computer and they have looked at it locally and somehow it's gone forever. And it's like, did somebody, Is it, is it anywhere? Like, I feel like all of these have the same problem is that to move large amounts of files or to easily sync between devices and you basically can't do it with a good UX unless you're using a service provider. And that service provider has copyright concerns, that service provider has censorship. And do you have the right opinion concerns that service provider has a we're holding your keys for you concerns. Like they own everything. They usually own your identity, they own your content, they usually monetize your content. You know, like it's all, it's just them.
And file sharing, whether it be copyrighted or not, doesn't really matter. It's not, it's not even about that. It's not like I'm not trying to like make it so that everybody can download illegal movie or download movies illegally, super easy. It's just, it should be generic. I shouldn't be able to see what people are sharing. You know, just like I can't go to somebody's house and be like, what you putting on, what you burning on that CD that you're giving your friend? You know, it should just be yours. Your, your data and your content should be yours. And if the quote unquote source of a website goes down, if a million people have seen it, it should still be available in a million different places or at least a few thousand different places if somebody chose to save that.
And so Pear Drive is. How do we use. We're using the Pear stack as the main back end with Keet and the whole Holepunch team and stuff. So it's their protocol and we're basically building a framework and an engine, so to speak, for making this very intuitive to build with is you essentially create a space and then you invite people to the space and then you can very, very simply sync with everybody who joins that space.
So, so you basically create a space for your own devices and then you add your, your Apple Watch and your phone and your iPad and your, your tablet, your desktop computer, your MacBook, whatever, and then they are all connected and anytime any one of them is online, they're syncing data from all of the others.
And it acts like BitTorrent behind the scenes. And the fact that you have one seed and everybody still has the file, but it doesn't come with all the clunky, weird UX and the go get a torrent from somewhere. You know, it's just, you just see lists of files that your other devices have and, and then, you know, implement a few different mechanisms of like, okay, I want one device to automatically back up everything that every device has. So, so you have like an archive device. Yeah, well, you just check a box. And then my Linux machine at home is going to download backups to all my wallets. It's going to download every picture I take on my phone, like that sort of thing. It's just, it's just there. And then any other device I bring up, boom, I can see the thumbnails for all of those images. I can scroll through them and I can click on them. And it takes a couple seconds to pull it from my, either my other device or my Linux machine, the archiver, you know, whatever it is.
And if I want to create a group chat with you and with my brother and like all that, we just, I just, I, I have them saved as a contact, they're a Nostr ID.
And so I just say, oh, I want to, I have 20 photos that I want to share with my brother, with Praveen, with Roy, with, you know, you know, 10 different other people. And I just check, check, check, check, and I say share and then boom, they're all in the thing. And anybody who downloads it is immediately a seeder to everybody else in the group and it just works.
But obviously there's a lot of keys involved in this and the, the process is relatively simple right now, but we end up with a master device that basically has the authority to add other devices into the mix. And if you don't back up your seed, then you kind of lose the whole setup. Right.
And so I've been trying to figure out what that trade off is, what that, that middle ground is.
Sorry for the long rant on, on this. But what that middle ground is for creating a Nostr key to be the.
It. It's an offline signer, right? Is that all its job actually is to do is to sign, to approve new devices and that's it. Otherwise it's not signing stuff that individual device is signing. Right. So every device I add has its own key and then if I lose it, I just say kick. Okay, I lost my iPhone, so I'm going to go back to my main, I'm going to sign that this iPhone is no longer part of the space and then everybody just updates that list and, and now the iPhone is out. So it got stolen, it got lost, whatever. Yeah, but I need a passkey option too. I, I, I, I love that, you know, I could make it sovereign and people can be like, yes, I want to make a, my own key and I want to back up those seed phrases and stuff, but I need a passkey Apple iCloud sort of solution too to, to make this easy to, because, because I don't want to, I don't want to target Nostr users, you know, like, I want to target people who want to easily share files and have like a kind of a social layer on top of it where if you want to share something, you just scan a QR. Scan a QR had a, at a friend.
They, they can have the file now. Yeah. You know, so anyway, that's, that's the long medium story of it.
[01:07:46] Speaker A: Yeah. So I, I think in the future passkeys with PRF will be used more and more, I think Signal's moving in that direction. So you'll probably see backups be slightly different and they'll ask you to make a passkey for backups and like, yeah, even like Nostr, like backing up Nostr keys basically. It's a really good solution to back up anything. Right? Yeah.
And the like, like I said, the nice, one of the nice properties that it has is like you just, you create the passkey but then all the encrypted stuff is like fully encrypted. So it doesn't matter where you keep it that it doesn't have. You don't have to store it in a secure location. Right. It could be any old file storage thing. So yeah, from how you explained it, I don't see any reason why your master device, I mean it doesn't have to be a device. Right. It could just be a master key. That master key could be stored using in a passkey. Basically.
[01:08:46] Speaker B: Essentially that that's what I want is to drop that friction away, allow them to be able to back up that, that master key.
But have, and also I also wonder too, is, is there a simple way to like I could also have the option of like having a PIN or a password that doesn't even have to be super secure. Like one of the things that I learned about like, you know, in the days of really digging into Bitcoin keys and stuff is they have BIP 40, I believe. I don't know, I can't remember exactly. But when you generate a key, it's not actually directly from your seed, it's hashed like a thousand times.
And then that derivation after the thousand hashes is the actual key. And so any of the entropy for brute forcing it is basically multiplied by a thousand.
Because you can't just use the, the PIN number, the passphrase or the seed or whatever to immediately generate it. You have to do some work to figure out what the actual key is underneath it.
And so the thinking was, is like, okay, well what if you had, what if you had it encrypted with a passkey and then you asked them to put in like a six digit pin and then you literally hashed it 10,000 times or something. And like how, how much without some enormous delay in computer, how much just base level brute force protection can you get with one additional element that's very easy to remember and much easier to not lose that would allow this to be passed around to multiple devices.
And you're using it so irregularly because you literally just use it to add a device. That's it, you know, you never touch it basically in any other context.
So if that's the case, what if it does take three seconds to unlock that key and use it? Yeah, okay, that's not that big of a deal. But if it takes three seconds every time you want to check, you know, one of a combination, a hundred thousand possible combinations, that's a lot of seconds. Increasingly becomes a lot of seconds to brute force it. And you know, so if you have like an eight character password that's pretty easy to remember and isn't crazy secure, it becomes a lot more secure if you, if you had that, that computational task.
[01:11:19] Speaker A: So yeah, to be honest, I don't love pins, but like, because I explored the PIN stuff too.
The problem with four and even six digit pin, which you're alluding to is basically unless you have some kind of like a server that, or something that does like rate limiting it, it can't, it's not secure. Right. So you're thinking of rate limiting using hashing.
It's interesting, but it's kind of asymmetric in that it'll take three seconds on a phone, which is what most of your users are doing, but it'll be much faster for an attacker. Right? Sure, because they could, they could spin up an 8. Like especially if it's like hashing, they could have an ASIC running that.
[01:12:03] Speaker B: They're just going to be using their, their supercomputer that if we're talking about like the NSA or Apple or whatever, they don't care about like how long it takes your phone to do it.
[01:12:12] Speaker A: Yeah, yeah. So it's, it's, it's asymmetric in, in the wrong way, basically.
[01:12:17] Speaker B: Yeah.
[01:12:17] Speaker A: And my other problem with pins is that they are easy to remember. They can be, but if you're not using them a lot, like, they are easy to forget as well. Like you could, like. And basically to be super safe, you'll want to save it somewhere.
[01:12:31] Speaker B: Yeah.
So the potential benefit is.
Is probably outweighed by the cost and the fact that that security benefit isn't that great and it is still just easy. It's still just something you might forget.
[01:12:46] Speaker A: Yeah, yeah, exactly. And then I went, that. I went through that way, like, so basically if I was going to use a PIN, I would save that PIN in 1Password.
Right. So if I'm saving it in 1Password anyway, why not just use that saved in 1Password? So that's kind of how I went about it.
[01:13:05] Speaker B: It's the appearance of. It's kind of like the, the metal detector at the airport. Right. It's. It's a little bit on the, in the potential for security theater rather than like real security.
But it does come with downsides.
[01:13:20] Speaker A: Yeah.
[01:13:21] Speaker B: And so. No, that's, That's a fair point. That's a fair point. We haven't really.
Right now we're doing the, the slightly more naive approach and we haven't really gone anything in that direction. But I've just been thinking about it. But that's a, That's a very fair point on taking that route. Yeah.
[01:13:37] Speaker A: Yeah. I mean, feel free to, like, use me as a sounding board just because I've been thinking about this stuff a lot as well. So. And it's, it's interesting. So. Yeah.
[01:13:48] Speaker B: Oh, no, yeah, it's. I find it fascinating trying to come up with designs and architectures for, for stuff like that. And it's, it's definitely a really fun thing because it's, it's, it's a, it's an interesting problem. It's an interesting problem. And one of the things I really wanted to be able to do with Pear Drive, which I actually talked to Roy Scheinfeld just a little bit about this and he said, you know, when it's ready, let me know, because it might be something we would want to use was to.
And this would be interesting if you could have a passkey that maybe we treat it.
I don't know, there might be something there in, like if every device has the master key, but it's encrypted, like with the passkey, but it's not saved in iCloud is we encrypt it locally and then push it into the Pear Drive sync and and then pass it around to all the different devices and so the passkey unlocks it. So any device can be your admin and every device has it, but it's encrypted with the passkey. But Apple doesn't have the encrypted information.
Your Pear Drive network has the encrypted information.
[01:15:08] Speaker A: Yeah, that'd be interesting.
Yeah. So Apple has the passkey but not the encrypted information, not the blob.
But again what you're solving for there is that you're basically the only thing you're solving for there is like you're assuming that Apple is lying about or not assuming, but you know what I mean, that the passkeys are end-to-end encrypted and then if that's the case.
Well I mean if you don't trust Apple, you could trust 1Password or Bitwarden. I mean or if you're running Bitwarden then there's less trust there.
But yeah, that would be the trade off.
[01:15:45] Speaker B: Wait, so you can in context of the one with Bitwarden you said they are passkey compatible or whatever.
Can you generate a passkey in Bitwarden and use it like a passkey?
[01:15:58] Speaker A: Yeah, so If I'm using 1Password, 1Password.
[01:16:01] Speaker B: Okay, I misunderstood this context. So what Apple does, you don't actually have to use Apple to have a passkey. You can use their signing or their protocol.
[01:16:15] Speaker A: Yeah. So basically Apple Passkeys is just one service that implements passkeys or password managers. Right. So Apple has their password manager but like Bitwarden is a password manager. 1Password.
Yeah. And yeah, they're all their separate password managers. If you're using one pass, your passkey is not going to Apple at all.
It's just done on thing on device. The nice thing that Apple and Google have done more recently in the last few years is integrating adding ability to integrate external password managers deeply into the ecosystem. Right. So that's why you can do auto fill in different apps and all that and you don't have to use Apple's password manager.
[01:16:55] Speaker B: Yeah, well snap, that means that this could be done in something like PearPass and then we could utilize that just synced across devices with Pear Drive and we could basically have our own version of it just without the central server.
Um huh.
I did, I'd see, I did not, I did not quite understand that when you were talking about like they had passkey integration. I thought it was be like you would unlock your Bitwarden with passkey. I'm sorry, I just imagine Apple built something that was closed.
It like was not something that other people could utilize, you know.
[01:17:30] Speaker A: Yeah, because passkeys is like an open standard. Right. It's a WebAuthn standard. It's not Apple.
[01:17:35] Speaker B: I totally thought, I totally thought it was Apple for some reason. I, I just, I think I've only only seen it on my phone because it's, you know, it's, that's where it was in front of me.
[01:17:45] Speaker A: Yeah, it's open and I think they were just like one of like they, they were one of the like this, let's say starting members in that they, they were first to as like actually like show support.
[01:17:57] Speaker B: Yeah, yeah, yeah, yeah. Okay.
[01:17:58] Speaker A: Yeah, no, it's a really good open standard. Yeah, yeah.
[01:18:03] Speaker B: Well that's great.
That's great. And so this basically isn't attached to Apple at all. Your, your framework is a, is a general framework that we could actually implement with specifically.
[01:18:17] Speaker A: Yeah, yeah, yeah.
It doesn't have to do anything with Apple at all. It doesn't need to be.
[01:18:24] Speaker B: Yeah, it's just using their iCloud for the sake of simplicity, for the sake of users who don't want to deal with the complexity of it.
[01:18:31] Speaker A: Yeah, yeah. So like theoretically speaking I'd have to work on the UX for this. But one way this could work is let's say um, a user creates a wallet on the iOS version of Cove but they store the passkey in one pass and they store the encrypted blobs in, let's say Dropbox. Right.
What that means is like they could get an Android device and, and then restore all the their wallets on the Android device as well. Right. Because, because it doesn't have anything to do with Apple. You just sign it One Pass in Dropbox and you can have it. That's not going to be V1. V1. It's going to be very simple. It's like if you create your seeds in Apple it's going to be only available in Apple and if you create an Android just for simplicity. But again there's nothing stopping it at the protocol level or the spec level. There's nothing that stops it.
It's just a matter of explaining to the user, hey, if you want this available on Android then you can't use Apple iCloud or you have to use One Pass in Dropbox or something.
Yeah, it's just a UX issue. It's not like a technical issue.
[01:19:39] Speaker B: Gotcha.
Well, interesting.
Like I said, this has been a problem that I've been thinking about from a bunch of different ways. And there was a. There was a conversation that I had. I cannot believe. I can't. I can't find it. And I wasn't even able to find it in my, my quote unquote deep search that I little, little thing I built for search into the website.
Excuse me. Searching through my podcast history.
So I don't know what the heck happened to it. I might just need to be a little bit broader in my context, but there was a way, somebody had developed a way to do sign in with Apple to have Blinded keys on a hosted server.
And I thought it was called Open Secret, but every time I search Open Secret I find the, the documentary and the website about Hollywood and pedophiles.
[01:20:33] Speaker A: Yeah, yeah, there is a company called Open Secret. Yeah, yeah, I thought it was a bad name for the same reason.
I think that is who you're talking about, though. There's the Mutiny guys. The. The Mutiny guys.
[01:20:44] Speaker B: Yeah, yeah, I posted this on Nostr. Nobody knew what I was talking about.
[01:20:48] Speaker A: Yeah, it's a Mutiny guys. Their company's Open Secret. They have the blinded AI like LLM thing.
[01:20:55] Speaker B: They were directing it or they had been looking into and maybe it was just the. What we talked about wasn't available.
So.
And you know, the blinded LLM is their, their main thing that's out. But they talked about it. Yeah, yeah, they had talked about it in the context of which that actually is a big thing too because there's. There's an AI integration to Pear Drive. Um, but he had talked about using it to host Nostr keys so that people could do a sign in with Google, sign in with Apple, and Apple couldn't. Didn't have access to the keys because it wasn't stored on Apple servers.
And the service itself, the Open Secret Service, didn't have access to it because you had to decrypt it locally through keys that are in your iCloud or that, that are in your thing, which, you know, passkeys, similar, similar relationship. But they're basically hosting a server that does nothing but manage or to have Blinded keys.
So which is also something that I've thought about in this context of like if Pear Drive, the company is hosting a server, is that before and. Or in lieu of thinking about like selling backup services or an iCloud service or whatever to somebody, which we could do, and I probably intend to do, or I definitely intend to do at some point.
But the first thing that would actually be really, really useful is hosting blind backup keys.
Blinded backup keys. So the sort of Open Secret option was kind of the first thing. But if the user has created their own passkey for the, the Nostr, for their, their main, their admin key, that's basically a way we can do it without even kind of worrying about, like the blinding side of it. Because it's blind by default. Like I'm just hosting an encrypted blob for them.
[01:22:55] Speaker A: Exactly.
[01:22:56] Speaker B: So that would be awesome. Yeah.
[01:22:59] Speaker A: So their website is opensecret.cloud, if you're wondering.
[01:23:02] Speaker B: Ah, thank you. Thank you. I see. See, I'm like doubly happy that I did this because I knew this was out there and I couldn't believe that people.
Thank you. Gosh. I am going to save this in, in a easily searchable way. Let me put this in the right place here. Okay.
Okay. Thank you. That, that makes me feel so much better. I'm not crazy. I knew, I knew I had this conversation. I could not remember who the heck it was and I could not Google search it at all. Couldn't Perplexity either. Perplexity did not have the depth of the. Of index to, to go find this out in the world.
[01:23:42] Speaker A: Yeah, I've, I've listened to a few podcasts with those guys on it, so I think that's what I remember.
[01:23:49] Speaker B: So how does this apply to Open Secret?
So is Open Secret functioning functionally very different or is it literally just kind of the differences that they're going to host a server to do this as opposed to. I like, they're kind of like a swap out for icloud. Right?
Yeah.
[01:24:05] Speaker A: You know, I don't remember their full, like, setup. I, I know it's not just like, it's not just for like this kind of static secret sharing.
Yeah, I, I don't, I don't remember. But I, I do remember they have like a server and stuff. Again, which I wanted to avoid, like, not having a server.
[01:24:23] Speaker B: Right, yeah, yeah, of course.
[01:24:25] Speaker A: And I know they had like HSMs, like hardware security modules, like involved in there somewhere.
For me, my, my, my read on Open Secret was that it was mainly for people like running web services for their web services to be blinded. Right. Whereas Cove is a fully local, like I don't have a server. Right. It's a local thing. That's why I don't think it really applies.
[01:24:53] Speaker B: Gotcha. Gotcha.
[01:24:55] Speaker A: Oh, actually, yeah, I'm remembering this a little bit more, but basically, yeah, it's basically like they're like if you're running a website, if you're running a server, I think open secret is a way to make the stuff running on the server blinded even to you.
[01:25:09] Speaker B: Yes.
[01:25:10] Speaker A: So it's just not a problem I have. I'm not running a server at all.
[01:25:13] Speaker B: Yeah.
Having to sell Bitcoin hurts, especially when you are certain it is going to be worth more in the future. But you can actually get access to the Fiat without selling it by using a Bitcoin backed loan.
Maybe this is for an emergency, maybe this is for an investment that you think will do really well, but it won't beat Bitcoin because it's monetizing or this is actually something that you know you'll get back but the timing just isn't right and you don't want to let Bitcoin go for that span. This is why LEDN was built. They let you borrow against your Bitcoin quickly and easily and Bitcoin is the ultimate collateral. There is no more perfect thing to use securely in this setup and something that you can verify with their proof of reserves that they do. There are no monthly payments if you don't want you pay it off at your pace. There's no penalties for early payment, there's no finder's fee. It is quick and simple to get your funds. I think their turnaround right now is like 12 hours. And I don't know why every Bitcoin company doesn't do this. Everybody who's at least holding Bitcoin for other people. But they do a proof of reserves so that you can confirm that your balance is there. And something that made me really happy recently is they just cut their Ethereum loans, they cut their yield product, they cut their non custody loans at lower rates. And so they now offer one simple hyper focused thing, custodied, secure, easy Bitcoin backed loans. Use someone with a good track record who's done over $10 billion in loans available in over a hundred countries.
They do proof of reserves and they've made it through the toughest times in the market without having a single problem. There's no credit check, there's no hassle. It's simple. This is why Ledn.io exists. Get the value of your Bitcoin without having to sell it. Remember to read up on how the collateral works. They're really good at reaching out and making sure that everything stays balanced. Remember that Bitcoin is volatile so do not overextend if you know how to use it. This could be a huge, huge benefit to your Bitcoin stack and give you optionality in accessing fiat without it being that selling Bitcoin is your only option. I've been a very happy customer. Check them out. The link and details are in the description.

The benefit, or where I think people miss as to why peer to peer is actually, or at least in my thinking, why I think peer to peer is necessarily almost where things go is that you don't have to run a server. And it's not about like, like, oh, I don't like servers or whatever. I don't like centralized places where you store stuff. Like that's not it at all. And I think that's a lot of the misunderstanding of what makes peer to peer great. I think what makes peer to peer great is the fact that I can host a server without a DNS, without AWS cost, without a front end. Like, like it's, it's about the fact that like my Linux machine at home, on my normal Internet connection can be a server and if I want those in four different places, all mirroring the same stuff, I can have it in four different places and my cost is a machine.
[01:28:29] Speaker A: Yeah.
[01:28:30] Speaker B: And that is a big deal in my opinion. Like, like if, if, you know, Pear Drive is running in the back end and connecting all of these things, well then you actually could host a quote unquote key server or whatever for users. And, and you could be like, hey guy, can you run a backup of all this stuff? The keys, the total encrypted blobs are about, you know, 520 megabytes or something because it's just a tiny little blob of a key for a million users. Yeah, I don't even know how, I don't even know how big that would be, you know, and I'd be like, sure, sure. And then if your computer was ever offline, they could still just get it directly from mine. The key is getting that experience down so it can just find anybody on the network that might be hosting that.
[01:29:18] Speaker A: Yeah, I'm definitely, I've been definitely interested in more peer to peer stuff. So there's this to get a little bit more technical.
Cove is written mostly in Rust.
[01:29:28] Speaker B: Okay. Iroh's written in Rust, isn't it?
[01:29:31] Speaker A: Yes. I was just going to go. I was actually about to talk about iroh, so I didn't know you also. Yeah, so I do you know, the Fedimint guys, they're using iroh.
[01:29:41] Speaker B: They're using iroh. I did not know that. Oh, cool. Okay. Sweet. Sweet.
[01:29:45] Speaker A: I don't know. I don't know if they. Their iroh version is out, but they were talking about how iroh made setup so much simpler because, like, they don't have to worry about DNS and all that kind of stuff.
And I really want to bring iroh to Cove for the idea being for the people running right now. I don't support Tor partly because of the like, Tor sucks.
[01:30:08] Speaker B: I mean, sorry, I was going to.
[01:30:11] Speaker A: Say partly because I haven't had the time to like actually do it, but partly because Tor sucks and like the UX is going to be really bad. Right. But there's a lot of people using AD that have nodes at home. And my idea. And like, I know people can set up Tailscale and like set it up, you know, globally on their phone. That sucks. Exactly. So my, my idea is basically, I would call it Cove Connect. It's just like another app you would install on your Umbrel or Start9 or your home node and then. But basically that would just be like an iroh proxy, right?
And then it would just give you a QR code to scan from Cove and then you would connect.
You would have iroh running on basically Cove and it would connect to that and then that would talk to your Bitcoin or your Electrum RS server running on your node and then that would be cool because like, basically you'd be. It's like a direct tunnel right into your node but like without having to set up anything local or globally or Tailscale or anything like that.
[01:31:12] Speaker B: Yeah, I think discounting just how powerful that is, like, we looked at iroh very seriously, but the only reason we steered away from it was literally because it was written in Rust.
And then also not that like I have something against Rust, but just the. What we were trying to have. A big part of how we were trying to have access was to just have a simple RPC. Like so you can just build web apps that talk to the back end, like very, very easily and that it's basically universally accessible from all different areas. And then also the way we were trying to build quote unquote spaces, so to speak, the kind of like groups was a little bit more. Iroh is very like direct send a file and it was a little bit harder to get this sort of BitTorrent feel out of it, of broad mini connections, many downloads. And I also could have not understood exactly how to build with it properly. I might have been missing something as we dug into it, but the Pear stack definitely seemed the shorter.
[01:32:23] Speaker A: Yeah, I think what you're getting is. I think iroh's very, it's very low level. It's more low level than like maybe the Pear stack has more stuff that you needed. Iroh basically just what it does, it just helps you connect two computers together and you're on your own after that. Right. How do you connect multiple. How do you do. You'd have to implement BitTorrent on top of that or whatever. Right. So it sounds, I haven't, I don't have experience with the Pear stack, but it sounds like it has the connection part, which iroh has, but then a bunch of other stuff built on top of it.
[01:32:54] Speaker B: Yeah, yeah. Basically like BLAKE3 hashes and blobbing and like all the, all the restart and downloading from multiple peers are kind of like built in as just like part of the entire function. And, and it did just seem like we were gonna have to build a lot more. We still had to build a lot of stuff because it's not quite optimized. We're, we're using a couple of primitives though, that are fantastic at solving a lot of issues that we've had over the time, over the years of building this thing.
But that's awesome that they're using iroh. I did not, I did not realize that. And like, that's amazing. You know, as much as I've been, I just, I don't care, I don't care what the solution is. Like, I just, I just feel like this is, this is our, this is our solution, you know, this is how we fix this. And the idea of just connecting directly to a device over ClearNet with an encrypted connection managed by keys, that is just kind of blinded. It's just in the background, you know, and you're not. The user doesn't even think about it. Is, is it like, you know, the reason websites and the Internet completely revolutionize everything is because it just drastically, you know, if, if it cost a hundred, like, let's just say generic units is just a hundred of a thing.
A hundred units to open up a retail business and have all of this investment and all of this headache and cost and risk because of how many users you can reach and, or customers you can reach and all this stuff, if that was a hundred and the Internet brought it down to two because you could just host a website and now anybody can connect and you can sell them stuff and you can ship it and all this stuff like that. That's why that was revolutionary. And I think people really discount that the new hundred is getting a DNS, hosting your own web server and paying AWS or whatever service a subscription to just have something available on the Internet for somebody to go look at and how big of a huge of a pain that is to actually put all of that together. Like my website for Bitcoin Audible is one of the biggest pains of this entire show. I hate it. I hate the whole process. WordPress sucks.
And I think people don't realize what a massive barrier that is and that you don't need to build an environment, you just want, you should just have an app that looks at videos and then the video can come from wherever the hell the video comes from.
[01:35:22] Speaker A: Yeah. You know, I think what's interesting about that is because like right now running your own server is not easy either. Right?
But with Claude Code and AI and stuff, because it can act locally.
I wonder if that will have an impact on.
I wonder if that'll make more people run their own servers. Because like now it's, it's easier because you just, you know, you could spin up a Linux box and run Claude on it and say, hey, this is what I want. Like can you set me up? And right now I think you can basically already do that. So.
Yeah, I think, I think what I'm trying to say is like your thesis might be even more correct now with the advent of more and more capable AI.
[01:36:06] Speaker B: I would really like it. I would be super happy if Pear Drive was a part of that, of making that easier. I mean that's, that's like 90% of the goal is not only to solve my own problem but to just make it that rather than doing all of the work and building the peer to peer and even thinking about like the architecture of that, you literally just say import Pear Drive and then you say make space, add friends. Like, like it's just like basic it, you know, it's the, it's the Wallet Dev kit or the Breeze SDK of trying to build peer to peer networks and that's what we're, we're trying to do. It sounds like iroh is probably, if you're, if you're built in Rust though iroh is probably a quicker solution and more compatible.
Trying to plug things from different environments in has been something else.
[01:36:55] Speaker A: Yeah, it's. For me it's easy because like for what I want to do, it's like I don't need all, like I just need, yeah, two computers to talk to each other.
[01:37:02] Speaker B: Yeah.
[01:37:02] Speaker A: And then. But it's interesting because so this, the PRF passkey thing is it, it works for seeds because seeds are static right. They don't change.
You have it basically it's. It's a. It's create only. There's no append. What this current solution though is not really. It's not a complete solution for all types of sync. Right. Like one thing I want to bring in syncing is for syncing labels.
So like wallet labels, address labels.
[01:37:33] Speaker B: Yeah sweet. Right.
[01:37:34] Speaker A: So just this alone won't solve that problem because it's because the data is changing like you have to store it somewhere. Right. So I would, I would need.
[01:37:45] Speaker B: A.
[01:37:45] Speaker A: Sync solution like I was. I don't know if you've heard of Turso but it's basically like a database syncing solution.
But I can use Turso T U R S O Turso.
[01:37:55] Speaker B: I don't think I know that one.
[01:37:56] Speaker A: No but basically I would need a secondary something that syncs on its own.
But the, the key for that like that would. I would obviously still want to make that encrypted. So the key for that would. This would use passkeys right.
But yeah maybe Pear could be like that like a different solution to sync stuff like ongoing sync stuff that's always changing as well.
[01:38:21] Speaker B: So the index in the way we're doing the index in the new.
The current Pear Drive core which has a lot of issues but it does the job. Like I sync stuff between my devices already. It's just I don't have a mobile version um but it is the easiest way to get device get files from my Mac to my Linux which makes me very very happy. Uh in fact my brother, every once in a while I'll be like dude I need, I need to get some files or can give me the new version of Pear Drive or the new. The new this or here's some. Give me some movies off your Linux machine or something like that so that he and his, his wife can watch it in Canada and every single time I just make a little Pear Drive sending the key. It's clunky right now because it's terminal based.
Sending the key and then he just downloads and watches it and doesn't. There's just nothing to it which is great but the new version we're. We're intending to do the, the indexes with SQLite and I just brought up Turso and it's a complete SQLite drop in replacement. So yeah very.
That's. That's pretty interesting.
It would. It would be really nice to think that if there was a better solution than Our kind of custom sync logic for SQLite databases is that this actually kind of just makes. And makes it work in a more optimal or more specifically designed way.
I'm going to drop this in the group too, just in case.
[01:39:50] Speaker A: Yeah, that's exactly. So what Turso is, it's basically SQLite databases that they built in syncing for, but you still, you can still learn like a local copy. It's just the local copy is synced with their servers and then you can basically bring those onto other devices, but for Bitcoin purposes, obviously you would encrypt it and then so they don't have access to it, they just sync it, basically.
[01:40:14] Speaker B: Gotcha, dude, that's awesome.
[01:40:17] Speaker A: Yeah, this is great.
[01:40:18] Speaker B: This is great. These are a bunch of great little things that we have to investigate now. I appreciate that.
All right.
Now, actually, because you, you brought this up, how do you think about AI in this context? I know this is not like, directly related to Cove, so my as, as I said, like at the very beginning of this, or before we started is vibe coding is kind of like my pastime now. Like the last two days I've just been back and forth between my laptop saying, yes, do this. No, don't do this, do this differently, you know, And I just, it just, it's doing it all day, all day. I'm Claude Code working on something and I'm curious how you think about this in the context of like, let's say the backup framework that you made. Because this is something that we think very seriously about in Pear Drive is I wanted someone to be able to import Pear Drive and then vibe code an interface on top of it and just using its API and then not have to think about the security or the keys or anything like that. And they can just, they can just build an app that's just a generic app, do whatever they want. No infrastructure, no hosting servers, no needing a platform. Just put it out there and then people can play a game together, they can watch movies together, they can chat, app, you know, whatever, doesn't matter.
[01:41:37] Speaker A: Yeah.
[01:41:38] Speaker B: So how do you think about this in the context of AI? Because I, I think you're absolutely right. We've entered a really, really interesting space where people can just start building shit like crazy. And I kind of feel like this is going to be.
Not only is this going to be the vibe coding era, but this is going to be kind of the, the framework, the SDK era as well, where everything is about building, like a strong foundation that doesn't need to rely on vibe coding. Because vibe coding has its problems too, so that vibe coders have all of the tools they need to just run and build a million things with it very, very quickly. And I'm curious how you think about Cove and the framework that you have for the backup in the context of that.
[01:42:24] Speaker A: Yeah.
So vibe coding in general, I've really been loving AI using it a lot. Opus 4.5 is amazing.
[01:42:32] Speaker B: It's amazing. Yeah.
[01:42:34] Speaker A: So I've been like, just fun vibe coding random websites. I made bip110.org fully vibe coded.
[01:42:42] Speaker B: Oh, hey, okay.
[01:42:44] Speaker A: Right. I didn't look at it at all.
But obviously for stuff like Cove and like, you know, security stuff, you're not going to want to vibe code anything, obviously.
[01:42:53] Speaker B: Yeah, yeah, for sure.
[01:42:56] Speaker A: But even then, like, AI can do the typing for you. Right. So instead of typing it out, you. You obviously come up with the idea how you want it implemented. You tell AI to do it and then you go and check all the code to see if you review it, to see if it's done it properly. So that's not Vibe coding, but it is, it is still different from like how we normally program.
As you're talking about SDKs and stuff. I don't know if you've seen the videos by Nick Slaney for Money Dev Kit.
He really seems to be thinking about this, um, in that way because, like, all his videos are basically like, here's how to use replit or Claude or Cursor or whatever to use Money Dev Kit. So it seems like.
[01:43:40] Speaker B: That's awesome.
[01:43:40] Speaker A: Yeah, he's, he's really nailed in the docs and he's put in a lot of work to, to make his website and his docs like, really usable by AI, so that when someone points an AI to it, it does it right the first time.
So I think for Money Dev Kit, that makes complete sense because, you know, Money Dev Kit handles all the security, all, all that kind of stuff and then you're. The AI just needs to hook into it.
But I think the way you're thinking about it exactly is exactly how he thinks about it. Just go on his Twitter, the Money Dev Kit Twitter, watch some videos. Like, I know they, they put in a lot of. It seems like they put in a lot of effort to make sure it works really well with Replit, for example.
Yeah. So, yeah, I can see more stuff like that where SDKs are purposely built to be easy to be vibe coded with, but it's just like not really relevant to Cove or This spec, because, you know, it's not really an SDK, it's more like a high level. Like, this is how I'm thinking about it.
[01:44:41] Speaker B: Yeah, yeah.
[01:44:42] Speaker A: Like this is the general architecture. Like it would if. Let's security review this and then let's like really make it really strong, like, you know, bulletproof and then everybody can use it kind of deal.
[01:44:54] Speaker B: Yeah, out of curiosity, is, is. Is Cove open source?
[01:45:00] Speaker A: Yeah, yeah, fully open source, MIT license.
It's on GitHub.
[01:45:05] Speaker B: Sweet.
[01:45:06] Speaker A: If you go to covebitcoinwallet.com.
[01:45:09] Speaker B: And just went there. View on GitHub. I just saw it. Yeah.
Okay, sweet.
And is this, is this mobile only or is there, is there a desktop version?
[01:45:21] Speaker A: No, right now it's mobile only. Right now, basically I have the iOS app out.
Android app is basically complete. I'm just doing internal testing and in the next two weeks I will get the beta out for Android users and then I have a bit of a roadmap for features to add. But then later, like maybe six to 12 months, I will think about doing in desktop versions as well.
[01:45:50] Speaker B: Sweet.
[01:45:51] Speaker A: But before that, I want to get all the syncing done and I want to have a proper label sync so you can. All your stuff will be available on both mobile and desktop. And if you are doing that, dude.
[01:46:01] Speaker B: It's kind of amazing that.
And I guess this is just like, I mean, it's why we feel, why I felt the need to build Pear Drive for so long.
But it's still amazing to me that the syncing problem just hasn't been solved without like giant platforms. You know, part of the solution is, you know, figure out how to use the giant platforms with as little risk to the giant platforms or little dependency on them as possible.
But I have wallets that I use on both my desktop and my mobile that are not the same wallet. They're, they're the same tool, but they have completely different keys because, like, getting them to securely talk to each other and be in like the same wallet space is really hard. It'll be interesting to see like, when you get to the point with Cove because that would just be so freaking awesome to just be able to boot that wallet up. And I'm looking at the same balance. Yeah, I'm looking at the same even as hardware Wallet. Yeah. You know, like, whatever it is that, that I'm doing, it's just, it's the same wallet. When I boot up Cove from any or all of my devices, from my Android, my phone, or my MacBook, it's my Cove Wallet, you know.
[01:47:22] Speaker A: Yeah, yeah, so with, with, with the iCloud seed backup and you know, if I actually have a desktop app, that, that part will be easy. The harder part will be the labels itself because I said like the, and then if I have to use Turso, you know, like it's not free, so I might have to charge like a little bit for that, the label syncing functionality, I'm thinking like 10 bucks a.
[01:47:44] Speaker B: Year or something like that. Gotcha.
[01:47:45] Speaker A: But, but even without that, even if you're like just using the free version, you know, your transactions will be there, just maybe not your labels.
But even with the labels we have, we've done some, some work to make that easier. So right now if you have labels in Sparrow, you can export that as a, basically as a QR code and then you can just go and scan that QR on Cove and then that will bring all the labels over for that wallet.
[01:48:11] Speaker B: Oh, that's awesome.
[01:48:12] Speaker A: Yeah, so it's like, you know, semi, it's not automatic, it's a manual. But you can't, you can do it today.
[01:48:17] Speaker B: Sure. So yeah, no, that's a, that's a big deal. And I think people also discount the ease of use for things like that is like I would just love. And this is, this is. As somebody who has seven terminal windows or so open right now. Yeah. You know, like I'm constantly using lower level computer, but I just, the idea of just being able to boot up my Cove wallet and log in with Apple or whatever and, or my passkey and then it's the same wallet just makes me so happy, you know, like it's like, why, like sure, there are ways to do the complex and the kind of like lower level computer solutions to things, but those aren't real solutions for most people.
[01:49:05] Speaker A: Most people? Yeah, completely.
[01:49:07] Speaker B: The overwhelming majority of people. It's not a solution. I think everybody who knows how to do that stuff or conceptually understands the pieces and how they fit together, just completely discount that.
You can't, you can't apply that thinking to everybody else. You know, it's hard to remember what it was like to not know something.
[01:49:27] Speaker A: Yeah, honestly, that's exactly what I was going to say. I think that's why there's so many UX issues, is because when you get to a place where you can actually build something and like have the knowledge and skills to make things better, you have forgotten what it's like to be a beginner.
And then like, and now you're building for yourself with the knowledge and Abilities you already have.
You know, I've already had like, I posted this PRF thing on. On Stacker News, and one of the comments was basically like, like, why do we need this? Like, just. Let's just like, you know, have like an FTP server or something.
[01:50:03] Speaker B: Like, dude, the number of people who have told me that, like, I mean, like, I'm building Pear Drive and, like, why don't you just use the FPT FTP server? It's like, dude, are you serious right now? Like, how, like your delusion.
[01:50:17] Speaker A: Yeah.
[01:50:17] Speaker B: Oh, God, that's so funny.
[01:50:20] Speaker A: Yeah, what you're describing.
Yeah, what you're describing is like, definitely my end goal about like, you know, just booting up my. Going to my desktop, seeing not just my transactions, but the labels I picked for it, and then going to my. Changing something there, opening my phone, and then like, everything's all already synced.
That is definitely my end goal. It's just like right now it's just me, you know, and it's like it's gonna take. I wish I could just fast forward to that, but it's like all these different things I need to do before, you know, I have a roadmap and then. Yeah, of course, of course.
But definitely excited for that end goal for sure.
[01:50:56] Speaker B: Yeah, yeah, yeah. 100.
All right.
Well, dude, you know, you actually. You have the comment about knots, so I.
If you've got. If you've got a little bit more time, I would. Because you. You've brought up the. We both of us have brought up the kind of whole spam debate a little bit during this episode. And I'm curious your kind of framework and. And actually alternative clients in general when it comes to, you know, I've heard from a number of different people and I think there was even like a quote from Satoshi that alternative clients are like a cancer or something. I can't. I can't remember exactly what he said, but it was some, like, they're just a pain kind of thing of like trying to get. Make sure that everything is, you know, the network is in consensus and on the same page. And the. The risk of having a bunch of alternative clients. And you know, that that gives me pause because like, I understand that reasoning, but then at the same time, I don't like, it feels like a risk.
You know, like, like, what's the. What's that sweet spot, so to speak of. It feels like a risk if everybody's on the exact same client. Not even. Even if they're the different versions, but like for everyone to Be on the same branch or the same repo.
[01:52:21] Speaker A: Yeah.
[01:52:22] Speaker B: Rather than having an alternative like Knots. And I really think that the best thing to come out of this, and more importantly Knots, is also based off of Core. It's really just kind of like a modified Core. Right.
[01:52:34] Speaker A: Yeah.
[01:52:36] Speaker B: And I actually think that's like a great thing. And I know there's a lot of, like, core supporters and stuff that I talk to who, you know, very sensible people act and understand a lot of their reasonings for a lot of the things that they've done or why they think a certain way.
But I've talked to a couple of people. They say, like, I'm just like, super depressed. Like, everything, everything sucks. Everybody's mad at each other, and like, there's like no consensus anymore. And I'm like, I don't know that that doesn't feel like a.
A huge loss to me. I mean, granted, you know, I lean more towards the Knots side of the. The conversation, but it's almost bad to have total consensus on everything in, like, the social layer. To me, you know, that that makes us a little bit more fragile because we're likely to be long wrong. That includes myself.
And so I kind of like the idea of having alternative clients because it's a little bit harder to achieve consensus. And that likely means. Or in my thinking is that that means that only the truly valuable things still get through because you've got someone that has to explicitly make the choice to also integrate and support it. And had we had 50, 50 this client and core client, the mempool debate would have been a very different conversation.
[01:53:58] Speaker A: Yeah. Yeah, for sure.
It sounds like I'm complete agreement with you.
[01:54:06] Speaker B: Yeah.
[01:54:06] Speaker A: I mean, before I talk about that, I think my problem with the core side has been kind of like what we were talking about with the people that are technical and then they don't have the empathy or whatever to understand what it was like before you were the core. People are so dismissive and like, the hubris is so, so high that like, they're like, they dismiss these people that are not technical, but, like, they understand Bitcoin as money. Right. And they're like, oh, you don't understand, like, you don't understand how to program in C or you don't, like, you don't understand, like, this technically. And Bitcoin is not an open source. I always say, like my Twitter phrase, Bitcoin is not open source software. Right. And obviously that doesn't mean it's not open source. It just means it's. It's so much more than that. Right.
[01:54:48] Speaker B: It's not just, it's not just a piece of software.
[01:54:52] Speaker A: Yeah, exactly. Right. It is money. It is how it works. And like a lot of core technical people seem to discount that. And like there's a lot of smart people that come in from the money side that seem to understand Bitcoin, some aspects of Bitcoin better than maybe the core devs. Right.
And the other thing is what was true before doesn't necessarily have to be true now. So like in Satoshi's time, when Bitcoin was young and it was just getting off the ground. Yeah. Maybe having multiple clients, competing clients was not a good idea because.
Because so much work needed to be done, like so much work needed to be done to figure out what Bitcoin is, what it's going to be. Right. There's all these updates and upgrades that needed to happen. Like we got SegWit and all that stuff. And you can, you can even Taproot. You can discuss like some of the bad stuff that came out of it. But just like when a project is young, it is, it is valuable to be able to move fast and change things easier. And having one canonical implementation helps with that. But I think where we are today, I think having Core being 90%, 80%, whatever it is, is probably one of the biggest risks we have left in Bitcoin is that everybody runs a software auto upgrades or whatever.
And to a lot of people, Bitcoin core is Bitcoin. And I think that is one of the last risks we have remaining. So I love Knots because that.
Yeah. And the issue with having different implementations is Bitcoin doesn't really have a spec. So Bitcoin Core, the logic that's in there is Bitcoin for better or worse if there's a bug or whatever. Right.
That bug is part of like the protocol now because it's not written out in the spec. So Knots is good in that. Anyway, on paper, I think like Libbitcoin should be like a really good thing because basically they took the consensus code out and then you could build around it. Right. But Knots is doing that in a, in a different way.
In an ideal world. Yeah. I think like we have all these competing implementations that have the same consensus layer. The code is, the consensus code is the same, but like they have different, different, all the different, like mempool policies and everything else that's different. And then like when I go and install my Bitcoin client, maybe I go to Bitcoin Core, but you go to Knots or other person goes somewhere else. You know, I think that's a very healthy and good for, for where we are in Bitcoin today.
[01:57:26] Speaker B: Yeah.
One of the justifications for the direction that Core took with mempool policy is there's lots of discussions about bitcoin being efficient and the mempool needs to mirror exactly what is likely to end up in the next block. And that always seemed a little bit off to me.
I'm fine with, you know, I maybe should go a lot deeper on this or whatever. But I'll, I'll also admit that like, you know, when it comes up, it's not really talked about any deeper. It's just like this is more efficient because you know, you have, you're gonna, your fee estimation is gonna be off. And that seems like a super frivolous thing. Like, like, like anybody who hates not use Knots users gives a crap if they like pay 2 sats per vbyte instead of 3 or something. Like no, nobody gives a shit about that. And you can't guess what the next. It's a, it's a bad prediction system anyway because nobody can predict what's going to happen in the next three minutes on the network. So like that just seems totally just kind of like a back justification of like it could have an effect on this. And to the contrary of them caring, they'd probably shout with glee if a Knots user couldn't get their transaction in for a week. And they complained about it on Twitter because they picked the wrong fee because of JPEGs.
But all that kind of aside is that I've actually kind of felt that, you know, in, in the, on the flip side of like, oh, we should have the default of blocking non monetary transactions in the mempool.
There is another argument that like it just shouldn't be not every client. There's a benefit for not every client treating it the same way because it's not even a consent, it's not a consensus layer.
You know, there, there might be better way. There should be competition in how we think about what a mempool is and like what to do with forwarding transactions.
And that that layer is not really about efficiency more than it is about censorship, resistance and robustness.
You know, like, what are the, what are the values and how do you make sure that there isn't.
What's the word? Like kind of one universal mechanism for deciding what does and does not get into the chain, so to speak, and that everybody's running the exact same thing for bugs for Censorship, resistance. I mean like there's just any number of reasons is that they're all. It seems like there ought to be a variety and if a standard forms, it would be because that standard is simply better than everything else. You know, USB is an open platform or whatever, nobody picks it because it just ends up. Everything coalesces that, that way. But we don't arrive at that because you're just only allowed to run usb.
It's because it's the optimal, it's, it's the lowest common denominator of like make it work. And so everybody adopts it because it's the best of all the trade offs, so to speak. So I don't know. That's a long way of saying, like I, I've never felt that the efficiency argument was very good and I don't hear many more arguments as to why everybody should have the exact same mempool. And whatever policy we decide is what the whole network should decide and there's some sort of huge problem if 20% of the network decides something different.
[02:01:05] Speaker A: Yeah, yeah, I agree. I think it's bullshit. Like, it's just, it's just bullshit.
There's, it's a argument. I think that's the other problem I have with core. They have so many like bullshit arguments.
There is no the mempool, right? There's nothing.
[02:01:22] Speaker B: Don't mince your words here.
Give me, tell me how you really think about it though. Seriously.
[02:01:28] Speaker A: Yeah, like I said, I have no problem being harsh when it's deserved.
There's no the mempool, right? There's, everybody has their own mempool. Like there's no guarantee that like the miners will use a mempool, anything like yours, right? It's, it's a false like sense of, it's a false sense of, I don't know, consensus. Like it's not a consensus layer, it's just different. Mempools miners are able to do theirs like whatever they want.
Fee estimation is just that, it's an estimation and it's always wrong.
Right.
So. Yeah, yeah, I don't buy that at all.
[02:02:03] Speaker B: Yeah, yeah.
So are you actually a supporter of BIP110? I mean, you made bip110.org is that, do you see that as like an optimal solution or is it just kind of like one thing that you're interested in or looking at? Like what was your motivation and thoughts? There's.
[02:02:23] Speaker A: My motivation was basically people were saying, you know, we want a easier way to understand the bip. So I thought, okay, why not? Right?
And I don't know. BIP110. My biggest thing with the whole that was the OP_RETURN. I, I've gone into it a lot in different places, but I think it like that increase in, in the OP_RETURN size I think could be an existential risk in that like I think it increases legal risk for node runners and that's not a good thing.
So I like that BIP 110 would reduce that.
There doesn't seem to be too much consensus forming yet.
I don't know if I agree with all of the things in BIP110. To me the most important thing is let's just limit OP_RETURN to what we had before or even if it's a bit more. I don't want to be able to put images in OP_RETURN. Um, I think that PortlandHODL had one interesting one with like a. Where you limit this all the script sizes to 5:46 or something.
Yeah. So. And I think BIP110 could still evolve.
I'm not sure what the current status is. I know people were saying oh it takes funds but I don't even know if that's true. It seems like once it came out the Mempool guys made some transactions specifically designed to be caught by BIP 110 to make a point.
And I know they fixed some stuff so that it would only be going forward. So any transactions made before activation wouldn't affect it.
So I think overall I think I am for it. Um, I don't know. I have to look into it more just because like at first I was like, okay, this, there's some good ideas, some bad ideas. I don't know what the current state is, but I'm directionally for it at least.
[02:04:20] Speaker B: Directionally. Gotcha. Yeah, gotcha. Yeah, I'm still on the fence and I've had a little bit of back and forth with Mechanic and Steve about this on the round table. Um, I'm, I'm still on the fence as to whether or not it justifies the soft fork. I'm not like, I don't like that there is like I, I understand and also I'm very sympathetic to the idea that it increases legal risk for nodes. And I do think that is not something to just outright dismiss.
But I don't think it's, I don't think it's a massive additional risk to, to basically the JPEGs and the. That we have on it now hidden in like you know, script pub keys and stuff.
Despite the fact that like I do Think it's different. I don't think it's just so simple as that. Like, oh, this is already on chain. So it doesn't matter if we put it on chain a whole lot more in a more obvious way. I think that. I think that does matter.
And that's not. You can't just like hand wave that away.
And more specifically is that I don't.
I never wanted to die on any hill with Bitcoin that like, my. My philosophical motivation was that all money is just money. Like, money cannot commit a crime. You know, like. Like people commit crimes and people do bad things, but the. The ability to control the world around them, to. To control their money, to. To try to stop them or whatever I thought was just.
It's just like you. You either stop the person, you either go and you actually legally prosecute or you go through the checks and balances in the system is as bad or as stupid or as good as that system is, or you don't. You can't go around it and basically, you know, execute someone through the systems that they use without actually, you know, needing any of those checks and balances, whether they're good or bad.
Basically. Extra legal. Judge, jury and executioner. Right.
And so my. I was always ready to die on the hill of like, money is money. All transactions are a transaction. Every UTXO is a utxo. But it was never about.
One byte is always one byte. You know, it's one. Bitcoin is one Bitcoin, you know, like, and if you're not using it for Bitcoin, I feel no qualms or issues whatsoever of being like, somebody just pushed a mempool, pushed a dick butt through my node and I'm just not gonna pass it on. You know? Like, I just.
Like, that just seems totally obvious to me that it's an exploit of making something that isn't a transaction look like a transaction to trick me into using it.
[02:07:10] Speaker A: Yeah.
[02:07:11] Speaker B: Or to placing it somewhere. And it's like, that's so obvious. Like, that's so blatantly obvious that this is simply like in the simplest and objective sense of what this is, that's what it is. It's just a way to make a transaction, make something that isn't a transaction look like one and using it to store it with me. And I just don't have to do that. And I'm not dying on that hill. That is never a hill I wanted to die on. I wanted money to be free and open and uncensorable for everyone. Not storing JPEGs on other people's computers. Yeah, you know.
[02:07:42] Speaker A: Yeah, I completely agree with you.
[02:07:44] Speaker B: That's what we build Pear Drive for. And it's voluntary. You know, it's not a global network that everybody's saving it.
[02:07:50] Speaker A: Yeah, like, I don't agree with. I haven't seen a good reason why, like when, right when Inscriptions came out, Luke, that Luke had a PR that would basically update the, the filters to filter those out.
I haven't seen a good reason why that wasn't implemented. You know, it's, it's not consensus code. Like this is what filters are supposed to do. Like, I think by definition I've gone back and forth on this with a lot, but I think like you said, by definition inscriptions are an exploit because, you know, it's akin to like SQL injection in that like you're, you're doing something that like it wasn't designed to do. You're doing like you're abusing or using Bitcoin script in a way that like, you know, when you do op end off bit for the inscription envelope, it's the bitcoin script just doesn't read it anymore because it's like, okay, we're done. This is nonsense. Right? This is just dead code and then you're just stuffing JPEGs in there.
I don't understand how people don't think it's obviously an exploit. I like your way of thinking about it. As long as you agree that this is obviously different than Inscriptions the way it's done, I think we can have a disagreement on the level of risk you think it is.
But like, and I'm not going to argue with that too much because it's like a, it's a subjective thing. Right.
[02:09:07] Speaker B: It's, it's like predicting the future. You just don't really know the level of risk. You're just, everybody, everybody, Core and Knots are either fearful of the level of risk or just hoping and hand waving away that there's no risk. Yeah, and I don't think either one of those is totally true. It's probably somewhere in the middle, but literally nobody knows. But we've opened ourselves up to it.
Even though nobody knows.
[02:09:31] Speaker A: Yeah, exactly, exactly. That's, that's my problem. But, but what gets me fired up and angry is like on the core side when they, it's not that they're not arguing or what level of risk. It's, they're like, it's the same as the inscription is like, you know, the level is the same. It's like it's obviously not. There's like, it's.
[02:09:47] Speaker B: It's very fair to say that it is not the same.
[02:09:50] Speaker A: Yeah, exactly. And, and it's like an unknown. It's an unknown unknown. Like, like maybe they're right. Maybe it's not high risk. But like the fact that we introduced this for like no, like benefit.
[02:10:02] Speaker B: There's no good reason. No good reason that bugs me.
[02:10:05] Speaker A: It's just like 100% return free risk.
[02:10:09] Speaker B: Yeah, return free risk. That's a great way to put it. The thing that gets me, and this is why I have such a hard time in being in support of soft fork about this because like, I do feel pretty strongly about the issue, but the soft fork is a risk in and of itself. Like soft forks aren't. Just because they're backwards compatible doesn't make them riskless. Right.
And if I'm still not convinced it's an existential threat, I think it's a. I think it's an annoying problem and it sets us up for a fight that I didn't want to have to fight.
[02:10:44] Speaker A: Yeah.
[02:10:44] Speaker B: You know that like, why cause ourselves a problem on purpose when the justification for why this is beneficial seems so unbelievably thin to me.
And some of them even seem like backsplaining. Like we're just going to do this and then we're going to come up with a reason why it's supposedly a positive and.
But in the context of what disappointed me so much about it is that the refusal to allow the entire scope of conversation because it's like, oh, we're the developers and we understand code, therefore we know what the answer is.
And it's like bitcoin isn't just like you said, Bitcoin isn't just code.
Like bitcoin is a hundred layers of stuff from a hundred different disciplines. And you know, somebody who understands game theory incredibly well might not know jack about C, you know, like, but you sure as hell better take them seriously into what. In what they're saying.
And somebody who understands economics and political potential risks or whatever, or adversaries who again might not know the first damn thing about a react native mobile environment or something. It doesn't. Who cares? That's not what it's about. Satoshi wasn't brilliant and didn't make bitcoin work because he was a brilliant coder. There were millions of brilliant coders already. It was because he understood seven or eight different layers of this thing, six of which had nothing to do with the code.
[02:12:20] Speaker A: Exactly. Yeah.
[02:12:21] Speaker B: And he knew how to put all of those pieces together. And now the developers think that because they understand code that they can stop fucking listening to everybody else. And it's like, no, you're going to get one of the seven important things and you're gonna, and you're literally going to just say that the other six aren't important because you just work out of a garage. And it's like, bitch. People have fundamentally like the people who know things, who really interact with the world and understand risks and problems and work with their hands are going to be able to contribute something. And the fact that you just outright dismissed it and we had the perfect solution because it wasn't a total solution. It was a small marginal cost and importantly it was proportional.
It was proportional to the problem. Mempool policy is a perfect proportion solution to the problem of JPEGs. Soft forks are out of proportion in my opinion.
It's a big step for what is to me a nuisance and a small problem.
That's a big solution.
[02:13:25] Speaker A: Yeah.
[02:13:25] Speaker B: Mempool policy.
When, when you actually do have some sort of cohesion in the network around what that Mempool policy ought to be and you can just respond to it very quickly and very, very low risk, you, okay, just update the mempool policy, you know, like, and it creates a marginal cost and it just disincentivizes a stupid way of using bitcoin. Like that just seemed perfect and we've lost that. And that's what drives me crazy is that you can't really get that back.
And it's a, it's a one way function, right?
You can't unscramble the egg.
And now we do have this broken apart. And so now my thinking is that like, okay, well the thing is that we shouldn't have a cohesive mempool at all. That's the only like secondary alternative is that is you, you let this break up because this is an ongoing risk. But it just, we've lost our proportional way to fight this.
That doesn't come with a lot of risk and it seems like there's no reason for it.
[02:14:29] Speaker A: I still just, I completely agree and I'm very conservative on soft forks for all the reasons you said. And yeah, just going back to it, like, yes, Satoshi wasn't the best coder and that's why like bitcoin core code is still like, was a bit of a mess. You know, like it wasn't easy for them to.
[02:14:44] Speaker B: There's still a lot of bugs that are just there because we have to have them, they're part of the.
[02:14:50] Speaker A: Honestly, Vitalik is probably a better pure coder, right? But that is like the shit thinking is like, shitcoiners are shitcoiners because they look at Bitcoin and like, wow, we can do so much more technically here. Not realizing that the technical limitations isn't the only thing that's there, right? Bitcoin isn't Bitcoin because there isn't.
You could increase transactions per second. Sure, that might seem like a better technical solution, but we know why that's not good from the other layers that you're talking about, right? So, yeah, a lot of core developers are shitcoin thinking. Honestly, just listening to some of these people talk on Twitter, it's just like, why are you even a bitcoiner? Just go work on Ethereum.
And I don't agree with this thinking of, oh, more coders, the better.
I don't think that's true. I don't think having more people on Core or people working in Bitcoin is necessarily better if they're not aligned with the ethos of Bitcoin. If they're not bitcoiners to the core, then I would rather them go work on Ethereum. Leave.
[02:15:51] Speaker B: Well, I will say that that's not a totally unfair characterization, but I do try to caveat because it's so hard to say.
It's hard to talk about this without putting making Core one big bucket, you know.
[02:16:06] Speaker A: No, I agree. There's definitely good people at core.
[02:16:08] Speaker B: Yeah, it's always important to just caveat that, like, A, this wasn't everybody B there.
I think even, even the people who I believe came to the wrong conclusion, I think plenty of them did it for the right reasons and are actually ideologically ideological ethos aligned. They have good reasons to believe that the Mempool policy was just not a good solution anymore. But I, I also think they, many of them essentially came to that conclusion because we weren't doing anything with Mempool policy anymore. Because like you said, Luke proposed as soon as inscriptions came out, proposed a simple way to add a marginal cost to that behavior and it simply wasn't implemented. And it's like, okay, well, yeah, if you don't do anything for three years, of course it, it's not going to do anything anymore. You know, it's not, it's not going to be able to react. It's like it is a cat and mouse sort of thing. If you don't actually adjust to, to how they're using this exploit, then yeah, duh you're not gonna, it's gonna just gonna increasingly get worse or they're just gonna find a way around it and then they'll just keep using that en masse and all the disincentive will stop. Like, if they actually had to, like, let's say there were three, just three mempool policy updates that attacked their ongoing methods in a very simple. Just like we're just not going to spread this around the node network anymore.
[02:17:35] Speaker A: Yeah.
[02:17:36] Speaker B: And like how quick like that may literally have stopped. The majority of it. Yeah, the majority of it. Because now they're having to just constantly change gears and rebuild their software. And of course they're going to say it's like, it's totally easy, we can just do this and we can just use this method. It's like, well, yeah, we can also just do this and just make a pain for your new method. And. But how many, how many users are going to keep doing that, you know, like going to the new thing because suddenly they can't see their JPEG or like the connection doesn't work anymore and now they have to completely update their software. Pull your seed into this new thing. You know, it just like it does, it doesn't square to me that, you know, there was, there was nothing we could do about it when still to this day operators were pretty reliably small.
[02:18:30] Speaker A: Yeah.
[02:18:31] Speaker B: You know.
Yeah.
[02:18:34] Speaker A: For the sake of technical argument, they always discount the human element of these changes. Yeah. Technically you can, they couldn't get around it. But like you're saying, like they discount the human element, like the human action part of it. Like would they do that though?
[02:18:50] Speaker B: You know, like how long do they keep up with it?
[02:18:53] Speaker A: Yeah. You know, and even looking as past evidence, like there's post by Vitalik basically saying like, I don't feel welcome in Bitcoin because they're not changing the OP_RETURN limit. So I'm going to go to Ethereum and I think that's a win. Right?
[02:19:06] Speaker B: Yeah.
[02:19:06] Speaker A: If these inscription spammers went to Bitcoin Cash, SV, Ethereum, whatever. I think that if we updated these filters on time and showed them that this is not what Bitcoin is, you're not welcome here. I think that would have been an outcome. Could have been an outcome, they would have gone somewhere else and that would have been an absolute 100% victory.
[02:19:26] Speaker B: Yeah. And again, we're, we're predicting a future that didn't exist, you know, so we have the benefit of hindsight of like, oh, if, if this policy hadn't happened, it all would have went. Would have worked. But I think there's decent evidence that that argument is not an absurd. That that's not an unreasonable position.
[02:19:41] Speaker A: Yeah.
[02:19:41] Speaker B: I just don't see how it is an unreasonable position even if it's wrong because we don't have. We didn't go down that path, so we didn't see.
That's a perfectly reasonable assumption. I think from what we do know of Bitcoin's past, you know, and, and.
[02:19:55] Speaker A: What's the worst case alternative of it not working? We would have just.
What we would have ended up in.
[02:20:00] Speaker B: The same mempool policies and we'd be right where we are. Exactly.
[02:20:03] Speaker A: Exactly.
[02:20:04] Speaker B: Like what was the risk? There wasn't even really a risk.
[02:20:07] Speaker A: Yeah.
[02:20:08] Speaker B: So yeah.
[02:20:09] Speaker A: When the reward, the potential payoff would have been much higher. So.
[02:20:12] Speaker B: Yeah. And maybe instead of almost half the UTXO set being bullshit, it would have been like 10%.
[02:20:18] Speaker A: Yeah. And I could have, I could, could have kept running Raspberry Pi nodes without needing like NVMe SSDs and all this stuff.
[02:20:29] Speaker B: I will say, I will say Lawrence actually put me on. I don't have a Raspberry Pi node at all anyway anymore.
But.
So I wouldn't even know whether you could or couldn't. But Lawrence did a bunch of testing.
Like one of the things he does is just go through tons of different devices and do the ibd.
And as he said, I have again, I haven't done it in a long time, but I don't, I don't see why he would just make shit up is that he said they've actually continued to improve IBD over and over again just because not even anything to do with like managing UTXOs or anything like that, but just like managing things at really low level like how the hardware treats the data and like, you know, how certain things are organized or pulled or whatever. So. So I will say the, you know, there may be a timeline where. And I'm sure certainly it's not easier because you're having to deal with half a UTXO set this bullshit. But it does seem like that's still on the table and the only real thing is storage still to this day. So that's good, that's good.
[02:21:38] Speaker A: Yeah. They should keep improving it. But it's still much harder than it was to do IBD than it was before Inscriptions before these optimizations.
[02:21:48] Speaker B: And the obviously in the exception of that like those optimizations would just been in that much better.
[02:21:53] Speaker A: Yeah, exactly.
[02:21:55] Speaker B: Yeah, yeah, yeah. Right.
[02:21:56] Speaker A: Like basically Last time I tried to sync a Raspberry Pi with just like an SSD, it did, it just did not work like over USB 3.0. It was taking like, like five days. I, I've heard that if you just have a, if you have a Raspberry Pi 5 with an NVMe SSD like the faster ones that will work better but I, I just transferred into just like having an actual Linux box then that was okay.
[02:22:21] Speaker B: I'm actually curious now since when I get my studio back up. We're, we're on a couple months timeline now to getting all that. I do have some old Raspberry Pis that I never even utilized because they just got put into boxes during the remodel.
I might actually do that. I might actually test it and see, see what we have to where that is just so I can know myself, you know. Don't trust verify. Right, okay.
[02:22:45] Speaker A: Yeah. Um, yeah, yeah. And tweet those results out. I'm. I'm curious to see. Yeah, try with an SSD, try with an NVMe SSD if you can and see how, how that is.
[02:22:55] Speaker B: Yeah, I'll do that. I'll have that on the docket. Um, well, dude, thank you, thank you for coming on the show. I got a, I got a thing that I gotta beat to in just a couple of minutes. So this was fun. This was good. It was good hanging out man. And thank you for the suggestions on a number of things and thank you for finding OpenSecret. OpenSecret Cloud.
Stupid, stupid URLs, man.
You can never remember who remembers Cloud.
But I'll definitely check those out and we should stay in touch, I hope. I mean it sounds like IRO might be a much quicker thing to that eventual like, you know what you said 6 months or 12 months to trying to figure out that syncing thing in the background and that's awesome.
But I'll have a version of Pear Drive that you can look at and maybe there's no way to actually make it work with, you know, what you've got just because of the different environments, but check it out just to see and we'll talk. We'll talk because I'm, I'm going to be looking at this framework for managing keys and using pass keys because that's just a really clever. It's funny, I looked into this and Perplexity kind of told me like no, you can't do it that way.
And luckily I had Praveen on the show and I found out that that is bullshit as I shouldn't listen to everything AI says.
[02:24:23] Speaker A: Yeah, AI it's harder for them to do stuff that hasn't been done.
[02:24:27] Speaker B: That's exactly. Exactly right. Exactly right. They don't know.
AI is not a way to kind of like, push the boundaries. AI is a way to.
To know the norm.
[02:24:37] Speaker A: Yeah, yeah. Even for coding, it can't do your thinking for you, but it can do the typing. Yeah, yeah, yeah. If. If you don't mind, I want to do a quick pitch for Cove before we leave.
[02:24:46] Speaker B: No, you.
[02:24:51] Speaker A: Know, the only thing I want to say is follow me on Twitter, because I'm gonna get an Android beta out soon, so when that's available. Yeah, I'll. I'll tweet that out. So more people testing the beta, the better. And the only other thing I want to say is if you are using Cove on Android, on iOS and you like it, please leave a review on Apple. The main reason right now is because if I search Cove on the Apple App Store, it's not. It doesn't show up in the first page. You have to search Cove Wallet. So I'm hoping with more reviews and more downloads, that will be the case and it'll be easier for people to find when they're looking for it.
[02:25:25] Speaker B: Well, I'll leave a review. I haven't, like, super jumped into it yet. No, you're right. It's still leaning on the first page.
[02:25:31] Speaker A: Yeah, you have. There's CodeVault, which is super annoying.
[02:25:33] Speaker B: Yeah.
But I'll run through it and play around with it for a little while. Plug my micro card or something into it and give some feedback and we'll chat.
[02:25:45] Speaker A: Awesome. Yeah, Love feedback. I create issues on GitHub for all the feedback I receive. So we'll get to it.
[02:25:52] Speaker B: And the handle for that is literally Cove Wallet. One word, Right. And then what's yours?
[02:25:57] Speaker A: It's just Praveen Perera.
[02:26:00] Speaker B: P E R E R A, Praveen Perera. I'll have all the links to all this in the show notes, but just in case.
[02:26:05] Speaker A: Yep.
[02:26:05] Speaker B: Yeah.
[02:26:06] Speaker A: So thanks. Thanks for having me on. This was fun. Appreciate it.
[02:26:09] Speaker B: Yeah, dude. Yeah, dude. Good hanging out. We'll chat and thanks for coming on Bigger Normal.
[02:26:14] Speaker A: All right, thank you.
[02:26:15] Speaker B: Have a good one. Later, man.
That was a fun episode. That was a really good episode. Don't forget to check out all the links. Check out Cove Wallet and leave him a review. Don't forget to review this show as well and share it out. I really, really appreciated the conversation and I thought he had a lot of great things to unpack and I am trying to make our deadline. We are aiming for the end of January for Pear Drive.
Trying to make deadlines is probably a really dumb idea and I'm likely to just embarrass myself with not being finished with the new version yet again.
But I do think we are finally on the right track to a full blown desktop, mobile and core implementation that are production ready. So you know, if we miss our mark, yeah, it is what it is.
But I think in, I mean I've missed my mark on the remodel and on 10 other projects but eventually I get it done and I am in this until we get it done. I refuse to let this not be tested in the real world because I think the idea is sound enough that if it's given the opportunity I think it could succeed. So I would love to see what other people think about it.
And I shout out to Praveen for Cove Wallet. I'm going to be checking that out and I'm going to read much more in depth to the article that he broke down and I love seeing other people build solutions to a problem that we are trying to solve. And even in a completely different context, I think this is one of the core issues and I think he's made he struck a really incredible balance that could be useful in so many different contexts.
The fact that it is applicable to our setup I think is a pretty key indicator of that. So check it out. Especially if you're a builder or you're a vibe coder, look into this idea and think about security. Think about those risk trade offs and accessibility for average users. Because that I think is where we will see being able to bring these tools to an entire generation and to millions and hundreds of millions of more people in a way that's really easy and yet is still far more secure and has less risk from multiple different angles than what has become the default. So again links and details down in the show notes. Also to our amazing sponsors, we've got Leden, we've got Synonym and Pubky app, then we've got Get Chroma for Lighthealth. Actually just bought a couple things for my wife on Christmas. Very happy about it. Which by the way there's a 10% discount. Again don't forget about discount codes. And then lastly the HRF, they also have the Oslo Freedom Forum they are doing this year which will be in June 1st to 3rd of this year. Tickets I believe are already on sale. I will have the link down in the show notes and with that.
Thank you, guys. Don't forget to share us out. Don't forget to subscribe and tell everybody you actually care about to listen to Bitcoin Audible and I will catch you on the next episode of this show. I am Guy Swan, and that is our $0.02.
[02:29:50] Speaker A: Sam.