Home of Dr. Goss

Apparently I've had this domain for the last decade and largely neglected it. Out with the old (archived here; ignore the navigation bar). Anyhow, I finally have something to say and it might as well stay around for a decade or two as I suspect this will remain relevant for a while. See below.

Coldcard wallet

First impressions / rough draft 6/2/2019

Just collecting my thoughts right now

I'm a busy guy...I haven't a ton of time with work, wife, kids, etc. I already store my funds securely offline with a Trezor. Why bother looking into another hardware wallet?

As the value of what you are securing goes up, your security plan should change. Bitcoin price was about 20x lower when I last worked with a hardware wallet. What do I feel I am missing?

Privacy. I would feel rather awkward plugging in my Trezor and telling our friends at Satoshi Labs how much Bitcoin I have. I would feel even more awkward doing that from home. So, how I use (or have used) my Trezor isn't so desireable anymore. New wallet software (like Electrum with Electrum personal server) can mitigate this issue, if you have an extended public key handy...which I don't.

If I have to restore seed to Trezor (original one that is), I have to connect it to a computer and use it to get seed into the hardware wallet. I believe this is true for the Model T as well (although you type on the screen of the hardware wallet itself). The Ledger Blue lets you restore a seed without touching a computer, if you're ok with some RF leakage (screen pixels light up when you press buttons). I want an airgapped solution. Cold card is fully air gapped. As far as I'm aware, this is the only fully airgapped solution end to end.

Random numbers are hard to come by. I'm not well versed in hardware entropy sources, so I will always be skeptical of them. Therefore, I insist on adding some of my own entropy (with a flipped coin). How can I do that? Passphrase protecting the seed. This is probably the best place for user generated randomness. So I want a wallet that respects whatever BIP it is for password protecting seeds (I believe this excludes Ledger wallets).

Things I didn't know I needed until I got a Coldcard:

  • PIN process that proves to me that I'm using my device
  • Duress PIN
  • Brick-me PIN
  • Ability to lock seedphrase into the hardware wallet itself
  • Genuine vs. caution lights
  • Digital backups

Coldcard PIN Process

The Coldcard pin process is a two step process. The PIN is divided into two segments called the prefix and suffix, each 2-6 numbers in length. After you enter the prefix, the wallet looks up a word pair associated with the prefix (presumably from the wallet seed phrase word list I'm guessing). Thus, when you type in your pin, you will see the same two words every time. If you see new words...it's either not your device or someone has made a decoy to steal your info. After you identify the device as the correct device with the prefix, you enter your suffix to access the wallet.

Duress PIN

I haven't played with this yet, but as I understand it, you can type in a different PIN to access a different wallet. This wallet will presumably have some "go away" money for the wrench attackers. This might make sense, but I'm a bigger fan of the brick-me PIN.

Brick-me PIN

This PIN will destroy the device. Not like self destruct in the flames and explosion sense, but, just as effective. When this pin is entered, the device overwrites the seed/master private key, removing it's ability to sign transactions. The Brick-me operation goes a step further and overwrites data necessary for the device to function at all...it becomes a true brick. You couldn't restore a seed onto it if you tried. Please recycle.

Gimme My Etropy

Passphrase FTW!

If you set a passphrase, you need both the seed and the passphrase to sign transactions. If you're like me, the passphrase will be of lower entropy than the seed. You should not store the passphrase and seed phrase/mnemonic in the same place. If you have physical security tiers, put your seed phrase in your highest security tier. Put the passphrase in a lower tier (like a bank safety deposit box). How to make a good passphrase? Cold card make it easy to type in words. Flip a coin 11 times to create a number between 0 and 2048 and look up the corresponding word on the BIP 39 wordlist...there appear to be more words in the Coldcard than just the BIP 39 list, so you could also just open the dictionary to a random page and randomly put your finger on a word. How many words is enough? Depends on how you intend to store it and the seed phrase. Using 12 words would be very secure but harder to memorize than say 6 words. Remember, the passphrase is protecting your offline/paper/metal wallet seed phrase. You will need it and your 24 seed phrase words to move to a new hardware wallet. Also, unlike the 24 word wallet seed phrase, the passphrase has no checksum. Thus the wallet has no idea if your password is correct (but can tell if an invalid seed phrase was entered). Cleverly, after you type in a passphrase, the Coldcard gives you a fingerprint of the wallet your phassphrase and seed phrase combination creates. Write this down! This is how you know you are logged into the correct wallet. Imagine sending your life savings to an unknown wallet due to a typo! Trezor mitigates against this by making you type your password twice...two typos and you could be really screwed. So check the wallet identifier everytime you enter a passphrase.

Passphrase lockdown

Your PIN protects the device which makes the passphrase redundant (as far as that device is concerned). While you can use multiple passphrases for multiple purposes (ie, passphrase 1 = secret given to heir #1, passphrase 2 = duress wallet {not related to duress PIN feature}, etc), you can "lockdown" the passphrase to eliminate the need to type it over and over again into the wallet. If you do that, it becomes important not to store your PIN near the device (or even store it at all...if you forget the pin, just start over from seed phrase and passphrase). If someone finds your device, a good long PIN will make it impossible to use the device. The device enforces an exponentially increasing time out for each wrong PIN code attempt, so 30 incorrect attempts would take about a lifetime give or take (don't quote me on the specifics here).

With passphrase lockdown, you lose the ability to type in different passwords for different accounts, but, you can use the same wallet seed phrase multiple independent wallets. You can safely store the seed and separate passwords and dedicate a coldcard to each password. You could imagine giving a Coldcard to each of your kids and managing their passphrase for backup. No need to backup a separate seed phrase. No need for them to memorize anything other than a PIN.


Okay, we have a lot of moving parts now: a hardware wallet, a wallet seed phrase, a passphrase, and a PIN. If you have hardware wallet and PIN (and passphrase on lockdown) you can spend. If you have wallet seed phrase and passphrase, you can spend. If you throw away the PIN (memorize it), you can leave the Coldcard in your lowest physical security tier (like at home if it's not too much money or a bank safety deposit box). Your wallet seed phrase should go in your highest security storage tier (non-bank depository institution, using something like a cryptoseel or hammered into titanium, not paper). This well for high value funds but takes alot of time to set up. If you threat model doesn't include state sponsored attackers, is there a middle ground that is cheaper / faster to deploy?

Encrypted Backups

Coldcard lets you write a backup of your wallet seed phrase (or master private key if "passphrase lockdown" is on). Generally speaking, exporting seeds is a dangerous thing to do. Coldcard wallet will pick 12 random words to encrypt the backup and will write the encrypted backup to the SD card. After storing your 12 random words securely, you can now create as many digital backups as you'd like and store them in low security environments (not near these new 12 words).

Electrum Integration

Coldcard wallet has a menu option to export a wallet json file to SD card for easy import into Electrum. I installed Electrum Personal Server on top of my laptop's Bitcoin-qt (which is unpruned and indexed...boy did that take a while). Once I set the RPC user name and password in bitcoin.conf and EPS configuration file, and set localhost for the server in Electrum itself, I had a basic private electrum wallet up and running. All I had to do was import the json file into electrum, get the extended public key and copy it into the EPS config file and restart the server. Order is important here...don't import your wallet to electrum before setting it to use localhost as server or you'll spill your privacy all over the place :).

Firmware upgrade

I bought my Coldcard a while ago. In fact, I bought an original cold card but never had time/motivation to learn how to use it. So by the time I got around to using my mark 2 Cold card, it needed a firmware upgrade. This is another security vulnerability, so you've got to be very careful upgrading firmware. I downloaded the latest firmware, checked it's sha256 hash against what the download source said it should be, and checked the signature against ThomasV's (which I imported and checked 4 sources to confirm was correct). This manual verification made me feel comfortable installing this firmware. During install, the caution light goes on. If you see that light go on, you should understand why it is on. This makes sense. I presume this light stays on until you "bless" the firmware using the menu option (which I presume would require PIN being entered correctly). I say presume because I did the upgrade before setting PIN or seed phrase.

How-to Setup Your Own Blockstream Satellite Node for the Bitcoin Network

...or, how to turn spare parts into financial sovereignty.


Can you see the sky? Are you on Earth? If yes to both, chances are you can receive the last 24 hours of Bitcoin blockchain data (and other data as well, which is awesome but another topic). All you need is an old satellite dish, a cheap software defined radio, and a reasonably modern linux computer (Intel i5 or better).

Broadly, the steps involved are: Get a linux Bitcoin node up and running, mount a satellite dish, install an "LNB" and power it up, point dish roughly in the right direction by compass, coarse align with sat finder, install a bunch of software, launch blocksat gui and carefully align dish (a multi-step process), configure Bitcoin to read the file the blocksat-rx software downloads from space, and test to make sure it works.

What You Will Need

I may change this parts list as I'm still swapping out parts and/or stuff I bought is no longer available. I'm going to link to Amazon for this (I use Amazon Smile and my charity is BitGive Foundation...More people should donate this way...I represent about 10% of all AmazonSmile donations to BitGive and that ain't right).

  • Satellite dish (bigger is always better; 45 cm is the minimum for Ku band; 60 cm for C band in Asia/Pacific region). Having done this now 3 times with different dish sizes, aligning is really really easy with a 90 cm dish. My first attempt was with a 45 cm dish and it took a while. With practice it gets alot easier. Helps to know where in the sky to aim at.
  • Power inserter
  • Intel Core i5 or higher computer...I'm using a 2014 Mac Mini with a 2.6 GHz dual core i5 and 8GB ram.
  • An LNB (this is the thingy that collects the satellite signal being bounced off the dish). I am gonna try this LNB on Tuesday 29 January 2019. *UPDATE* That second LNB I believe needs a 22 kHz tone generator to work...because my test failed.
  • An adjustable LNB bracket
  • A Software Defined Radio (SDR)
  • A coax to F type adapter cable to connect to the SDR

Helpful but not mandatory

  • I found a satellite finder to be rather helpful. This one works moderately well. I'd like to find a better one though. Skip the sat finder. You get much faster feedback with the gui from Blockstream.
  • Coaxial Cable: I haven't needed any cable yet as I got tons with the house when we moved in, but, if you need cable, get good cable -- you want this setup to last! Look for quadshield RG6 cable, direct burial type if you can find it. RG11 is even better, but more expensive, and probably only worth it if you need to run more than 200 ft of cable. Because you'll be dealing with an amplified signal, cable attenuation isn't a huge deal.
  • Coax crimper: I haven't used these yet, but, it should be alot easier than terminating an ethernet cable.
  • A bubble level: used to make sure your dish mounting post is level

Step By Step

Get Linux Installed

Blockstream Satellite Receiver software is packaged for these LInux distributions:

  • Ubuntu bionic (18.04)
  • Fedora 27
  • Fedora 28
  • CentOS 7

I chose Ubuntu because I haven't heard of the others. Kinda lame, I know. Not sure the nerd in me approves of Ubuntu (kinda miffed about it, actually), but nerd Brian has to take a backseat to busy Dr. Brian and go with what seems likely to be easy.

Downloading and installing Linux may or may not be straightforward for you. It's a little tricky installing to an external SSD on a Mac mini. If anyone is truly interested in that, I can post instructions. If you are in the market for a new laptop, try this one from Dell, it'll come with Ubuntu already on it. That said, like everything in life, you can spend no money (I found a disused mac mini in my father in laws basement near a skeleton), or you can spend a lot (even more pricey than the Dell above). YouTube can be your friend if this is your first Linux install.

Compile Bitcoinfibre

Bitcoinfibre is a branch of Bitcoin Core with added features, only one of which concerns us here (for now): Bitcoinfibre can read data from a file pipe as if it were being relayed from another Bitcoin node. The way this will work is the Blockstream satellite receiver will write data to /tmp/blocksat/bitcoinfibre and Bitcoinfibre will read this data as if it were coming from a peer on the Bitcoin network.

BE CAREFUL which version you install. As of 25 January 2019, none of the "released" versions of Bitconfibre are compatible. Only the current "master" branch (linked above) will work. I made the mistake of downloading the release version before the current "pre-release" version (which itself says don't download the pre-release version as it's not compatible with Blockstream satellite receiver)..don't download any "release" version!

Unzip the file above (try tar -zxvf) and cd into the directory the file unzips to. Then install build software and dependencies (programs that you will use to compile your program or programs that your program will use; I installed every dependency, including the optional ones). Then standard compile instructions should work (./autogen, ./configure, make, make install). Instructions here.

Run Bitcoinfibre

If you're like me, you'll want to keep Bitcoin blockchain data on an external drive. The version we're gonna run doesn't have a graphical user interface...I think you can substitute bitcoin-qt for bitcoind in the following command (presuming you built bitcoin-qt...that requires you to install qt libraries above):

./bitcoind -fecreaddevice=/tmp/blocksat/bitcoinfibre -dbcache=4096 -datadir=/media/myusername/bitcoin 

The -fecreaddevice command argument tells bitcoind to read data from that file like it is a node. That file is made by the Blockstream satellite software, so if bitcoind complains, just delete the argument for now and add it back later. The dbcache argument assumes you have 8 GB of ram which should speed things up. If not, lower it. For reasons I do not fully understand, a ridiculous amount of reading and writing takes place during verification of the blockchain. Not SSD friendly that part. The datadir is where you're gonna keep the blockchain stored. Hopefully you already have a copy of the Bitcoin blockchain you've already verified...or if you trust some random guy on the internet who claims to be a radiologist with a background in astrophysics, math, and engineering...you can skip some signature verification and save time by adding the argument:


Pro Tip

You can follow bitcond's progress two ways:

  • using bitcoin-cli (hat tip to Adam Back for pointing this out to me!)
    • bitcoin-cli -datadir=/media/myusername/bitcoin getblockcount
    • If you get an error talking about RPC passwords and baked goods (cookies), it's because bitcoind won't let you in unless you specify the -datadir...
  • using the "tail" command on the debug.log file (hat tip to notgrubles for this one!)
    • tail -f /media/myusername/bitcoin/debug.log
    • add -s 10 if you don't want a seizure.

Anatomy of a Satellite Dish

Some terms we will use are defined to the left

Mount Your Satellite Post

WARNING: It's winter. Most people put satellites on roof tops. I did radiology residency at a "multispecialty group practice located in southwest Minnesota with a worldwide reputation," and it was amazing, but, people would climb on their roofs with shovels, fall, and permanently lose the ability to move 2-4 limbs. Don't do this. Remain neurologically intact and do not fall off your roof. You've been warned.

My house came with a satellite mounted on a retaining wall at ground level. So I didn't have to do this part. Anyhow, getting the mounting post level is important. Use a bubble level and be as precise as you can be. It will make rough dish alignment much easier. I have a bigger satellite dish coming in the mail so I can have the joy of drilling into concrete and mounting my own dish. If you have to assemble your dish, check out this video.

Attach Your LNB

I had to drill a hole in my LNB arm to get my LNB holder centered on my dish. Depending on your satellite and LB, you may have to turn your LNB in the holder 90 degrees to get to vertical polarization (your LNB may also support changing polarity to vertical with a lower voltage power inserter. I couldn't find a lower voltage power inserter on Amazon).

Supply Power to Your LNB

It's kind of important not to screw this part up, so I won't let you. Your power inserter should have two female coaxial connectors. Connect the one that says "POWER TO SWIM" to your LNB. then plug it in. That's it; if you've screwed this part up, it's no big deal...yet...if you put power to the SDR you could hurt it or your computer. This is where the satellite finder comes in handy (it shall be our canary in the coal mine, so to speak). Connect your satellite finder to the "SIGNAL TO IRD" coax connector. Now you're ready to start aligning.

Power LNB

Connect LNB to "POWER TO SWIM" side. The other port is for other stuff...stuff that might get fried you mix these connections up. Connect your satellite finder to the "SIGNAL TO IRD."


Compass Alignment -- Elevation

First, we are going to look up how high we need to point our dish. We need to pick which satellite to connect to and then we can get a precise angle from the Dish Alignment tool at the bottom of Blockstream's website. You might have to rotate the LNB in the LNB holder to get the right polarity. Do that first. Then set the elevation angle. This sounds easy, but I can assure you it can be screwed up. The dish will have a protractor (angle measurer) built into the mount. DO NOT try to estimate this angle by measuring along the LNB arm for two good reasons: 1) The physics of the reflector indicates the beam comes in at a significantly steeper angle, so trying to measure along the LNB is pointless and 2) I tried it, it didn't work.

Galaxy 18 is that way...

Yes I'm aware of the "privacy leak" here. That said, physicians don't get privacy. Just look at public records.

If you only work on this in the dark...

...you might not notice this! It won't be exact, no matter how careful you are!

Compass Alignment -- Azimuth

With elevation set, grab a compass and find roughly what direction to point your dish. For me, 195 degrees is basically south and to the right a smidge. I chose to use Eutelsat 113 because the azimuth angle was 178, which is 180 in my book. Note, the iPhone is kind of a poor compass. Now turn on your satellite finder and select your target satellite. Make sure your satellite dish can move smoothly after you've loosened the screws. If it can't, take it off and sand the post and lubricate it. It is crazy hard to adjust with imprecise coarse movements. Sweep through a fairly large angle until your satellite finder passes through a strong-ish reading. Then turn the dish the opposite direction and go back through that region. If you don't get a signal, adjust elevation slightly and repeat. You can move fairly quickly in a raster pattern until you get some signal. Then pass back and forth along the azimuth direction to get a feel for where the center of the "sweet spot." Once you align roughly on the sweet spot, then slow way down. Make small adjustments. Pause after each adjustment for a few seconds...Find the azimuth where signal is the strongest and then adjust elevation until finding what seems like max signal. You might have to repeat this process, but, by starting with coarser movements and finishing with fine movements, you can get the hang of it pretty quickly.

**UPDATE** When I set up my second dish I used two iOS devices and FaceTime...I ran blocksat on my computer inside the house and watched the monitor while standing at the dish with a ratchet (or spanner I guess if you speak proper English). Also, this website can show you on a map the direction you want to point your dish: http://www.satsig.net/maps/lat-long-finder.htm

**UPDATE 2** Wondering if something is blocking your view? For an outrageous price you can get an augmented reality view of your local sky with satellite overlay: https://www.dishpointer.com (scroll down for iOS and android apps). I shelled out $20 to test this. A really big tree is really not in the way of my dish site.

Satellite acquired

Not the best signal, but, it's good enough for this part of the alignment process. (See above, I wouldn't use this meter again).

Install Blocksat

Instructions are found on github here. I somehow missed the "verify" sections of those instructions, and things still turned out fine.

Now you can disconnect your satellite finder and hook up your F-cable adapter to the "SIGNAL TO IRD" on the power inserter and connect to the SDR. Insert the SDR into your computer.

Launch Blocksat and Perform Fine Alignment

You'll have to do a little math...but instructions are here. Follow through steps 5, 6, and 7. Of course higher SNR is always better. This step requires seeing your computer output while being able to adjust the satellite. I used my iphone, an ipad, and my 6 year old's karaoke stand and called myself on FaceTime. Worked well enough. Here's my view of Eutelsat 113 and Galaxy 18: https://twitter.com/_drgo/status/1110274776235270144?s=21 and a screen recording of adjusting a dish in real time: https://twitter.com/_drgo/status/1110275605084303360 (in the clip I perform alignment twice, pushing the dish all the way down and to the left in between)

*UPDATE* LNB Translation adjustment

I discovered today that how far towards or away from the dish the LNB sits in the holder can make 1-2 dB worth of difference to the SNR. I pushed mine back about 2 cm and it made an important difference to the download speed too.

Sanity Check

Make sure you're downloading something useful. If you don't see a download speed, like on the first image, it won't work...your node won't stay synced. Unlike in all my photos, you want a download speed that is consistently above 11 near 14 kB/sec. I did not achieve that reliably until sliding my LNB back as far as it could go in the LNB holder.

If you never see download speeds...guess what...

You aren't downloading anything useful.

See the speed? As of v1.3 this should be about 14 kB/s

SNR will depend on where you live...5-7 dB SNR might be more typical. I live in a hotspot for Eutelsat 113

Final Tip

I believe this section is outdated! If you are getting OK SNR but aren't getting data or aren't getting data reliably, you might be having some phase/timing error. Try adding -l 800 to your blocksat-rx command. If 800 doesn't work, try values from 100 to 2000. The higher the value, the longer it will take to frame sync. Go carefully through this section of the wiki (in resource section above)

Blocksat API

This is just too cool not to mention...you can use your satellite node to receive messages...and you can send messages via the Lightning network. I read a "satellightning" blog from a user in a cold bloc country...amazing. Anyhow, it took me about 5 minutes to learn how to receive messages.

Download the Blocksat Source Code, unzip it, and cd into the api/examples directory. The file you want to run is: api_data_reader.py but it has a dependency list (see requirements.txt). For my ubuntu setup, I only needed to install python-gnupg:

sudo apt-get install python-gnupg

Then, just run the file:

./api_data_reader.py --plaintext

There are more instructions needed for using the api_data_sender.py file, but I followed these instructions and got a virtual environment all setup. I even sent a message to be paid for on lightning network...as soon as I get some testcoins.

Saves to file on disk with timestamp

I can't wait to see what was sent! When I first did this, I didn't use the --plaintext argument...it defaults to trying to decrypt what it received.

My First Message From Space

Gratitude! How fitting.

Sending Data to the Globe

Sending data through the blocksat-api is a bit more involved than reading the plaintext that comes through. You can send through the internet to Blockstream's satellite uplink...you can do this from your satellite node, if it is connected to the internet (recall, just because you're downloading data via satellite, that doesn't mean you're "connected" to anything!):

./api_data_sender.py --send-raw -f MyGlobalMsg.txt

You will then get a lightning network invoice to pay for your broadcast. That said, if you don't want to connect your satellite node to the internet, you can queue messages for broadcast via the web: https://blockstream.com/satellite-queue/

Right now, payment is made using testnet bitcoins (valueless tokens for developers to test their code without having to risk losing money. To do that, you'll have to sync a testnet node and a lightning implementation and make some payment channels with nodes that don't have too many "in-flight" coins...that all takes a while. I tried sending payment through Zap, but, it kept crashing. I was able to send payment using lightning command line:

lncli payinvoice "myinvoice"

My First Global Message

Today I have stood on the shoulders of giants to shout a call to action using words wiser than my own...a new tool is at hand, use it well!

Come Join the Wild West!

Have questions? Shoot me an email: brian@drgoss.org or reach out on Twitter: @_drgo

Cowboy up!