Yishi
@ohyishi
cooking onekey 👉 https://t.co/VuDtV3zk82
5.3K Following    82.8K Followers
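Rather than being designed for ordinary users, Ledger Recover is more a tool that makes government confiscation and hacker theft convenient; I think many people know this full well and are playing dumb. There is more than one hardware wallet vendor in the world. You can perfectly well choose one that is more open source, more transparent, and more principled.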
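Although I had already looked into how Ledger Recover works, since Ledger wants me to keep learning about it… https://t.co/qdWIT8Fxdx I would have been better off not revisiting it… I really don't understand why a wallet brand that was originally so hardcore would make its security marketing this bizarre, for example: Ledger Recover is completely secure … However, should someone steal your funds using Ledger Recover, Coincover offers users $50,000 in compensation. That just goes to show confidence in the product’s security. Who wrote this copy? Completely secure? If you already consider it completely secure, why is there still a "however"? And for the hardware wallet crowd, doesn't this $50,000 compensation show rather too little confidence? OK, ignoring the copy, look at the prominent Recover ad prompts in the app after a Ledger is initialized (see figures 1/2/3/4). If I got carried away and was eligible, and I really used this service, the first thing I would realize is: the mnemonic data in my hardware wallet (never mind the so-called military-grade encryption) has been sent from my hardware wallet in three fragments to three separate companies and stored in the HSMs the ad mentions, but I have no way to verify that… At this point my mind is already very tense: the hardware wallet I'm using actually has an opening through which mnemonic data (even if strongly encrypted) can be extracted from the hardware wallet… and sent out over the network… And a key verification mechanism in the decryption flow is handled by an identity verification company; once verification passes, there is a chance to obtain the fragments backed up in Recover (two of the three fragments are enough), and then restore… Of course I believe there are many details in these processes that I haven't really experienced, and I find it hard to be sure whether this flow is reliable, but I think Ledger has broken the security boundary that a hardware wallet ought to have. If Ledger wants to continue this Recover business, it would be better to isolate it from the existing hardware wallet security architecture and make it completely independent; otherwise, just release a hardware wallet model that comes with the Recover service, so that people who want it can buy that model and people who don't are not bothered. In keeping with the UNIX KISS (Keep It Simple, Stupid) philosophy: keep it simple, don't make it complicated; complexity always hides pitfalls. Finally, please note: here I am only giving my security opinion on Ledger Recover, that's all.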
being bagheld is part of the build. maybe, just maybe, diamond hands aren’t born — they’re cornered into it.
never thought buying a labubu would need both purchase history and a scalper.
you don’t find joy by looking for it. you find it by caring deeply about something else.
my daughter is now 4 months old. from the day she was born, she’s been living in a world where crypto already exists and ai is used across every industry. using stablecoins and web3 wallets will be as natural to her as breathing. as her father, i don’t want to place any pressure on how she grows up. instead, i’ll leave her a hardware wallet. odds are, she’ll live to 150 — and her first asset is already waiting for her, on-chain.
the companies that will truly bring humanoid robots to consumers and dominate the market likely aren't the current players. they might emerge from vacuum or pool cleaner manufacturers instead.
cooking something big w/ ethena, you’ll hear the moment it drops. give it ~2 weeks. it’s gonna shake things up, and everyone’s gonna be happy.
suffering deserves understanding, not worship. you’re not here to romanticize pain — you’re here to build a life worth living. don’t throw a filter over your youth, your village, or that filthy ditch by your childhood home. they’re not sacred. they’re just memories — no better than today. your brain edits the past to protect you, trimming out the shame and leaving only the soft edges. if every ugly frame stayed sharp, you’d fall apart. look forward. life has no script and no walls. stare at a star map long enough and it hits you — earth is a dot in a galaxy of dots, and your life is a flicker. your birth and death won’t even register on the scale of the cosmos. you are not the center of anything. you are not chosen. you’re a sequence of agct, one of billions. there is no built-in meaning. you get one shot. one moment. that’s it. make it count — or don’t. the universe won’t care either way.
if you had to choose, which country or city would you most want to move to?
just released firmware 3.10 for the original classic (not classic 1s, and no, we didn’t forget it). you can now safely surf solana and aptos dapps w/ it.
for non-listed crypto companies, issuing debt to buy tokens isn’t really an option. so building crypto reserves isn’t very practical either. a more feasible way is to regularly set aside a small part of revenue to buy bitcoin and never sell. this creates moderate exposure without adding operational risk. but at the core, growth and revenue matter most. if profits mainly come from price gains instead of actual business output, something’s off. earning tokens ≠ making money. if your bottom line depends on asset swings, it might look good, but it’s shaky. a solid crypto company should thrive even in flat markets. bull runs should be accelerators, not life support.
contract under review — soon you’ll be able to invest in pendle pt/yt effortlessly via 1k.
heard a podcast today about netflix — marc randolph said: “hard work often doesn’t change the outcome.” brutal, but true. most people’s “hard work” is just bleeding out on the details, using sweat to cover for a flawed direction. better to leave early than to sprint at the gate — that’s called strategy, not damage control. same in business. when the core direction is wrong, last-minute deck edits, obsessing over details, or fighting for presence — all wasted motion. of course, early-stage startups are a different beast. no experience, no network — you survive by grinding, by clawing out time. but that’s effort traded for survival, not hustle fixing a broken plan. if the path is wrong, effort is meaningless. worst case? you’re sprinting the wrong way with full confidence. don’t polish a turd. stop. change direction. nothing’s more important than that.
cooking https://t.co/hUbWB8yMBQ
lots of ppl got rich off crypto — should’ve been free, but scared of boredom, they ended up stuck in deeper emptiness. happiness isn’t noise or hype — it’s peace. if u can chill, that’s enough. the rest is extra.
https://t.co/mJfWQPTmPi
for a business, there are two original sins: not making money and not growing. having one is tough — having both is fatal. it’s not just about making money, it’s about striving for something beyond profit.
big thanks to the team — this is just the appetizer for the year. https://t.co/L7ED9o24Iq
it’s been 5 yrs since the first onekey wallet dropped — grateful for everyone who’s been with us on the ride. we’re still at the table, and yeah, we’re cooking something new. https://t.co/0We1VhILq2
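Recently we cancelled video interviews for all non-remote positions and switched them all to in-person. With AI around, video interviews have completely lost their point and become a performance with an unspoken understanding. The candidate has a bunch of agents prepared behind the scenes; the interviewer pretends to have asked the questions, and the other side pretends to have given the answers. Every answer has been precisely tuned, and the video interview no longer has any meaning.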