Interesting page. The "over-the-air" update thing, I'm not familiar with it, but does it mean auto-updating somehow? Either way it looks bad indeed. And the hardcoded password one also looks bad, that's not the kind of tradeoff for convenience that I think ever makes sense (mainly because it has a global effect, i.e. attackers know all have it).
The root thing may or may not be terrible; I guess it depends on the details of the setup.
@waxwing Yeah, hardcoded passwords are a no-go. They already do OTA updates (it's just downloading Docker containers), but there's no signature validation apparently.
All in all, I have no idea why they would build *anything* else on top of this, before addressing the fact that it's still not ready for actual money, while everyone's already using it with actual money.
@raucao about OTA, yeah, but I was asking if it's somehow auto-update, i.e. is the user not required to manually do it. But the question would then be, do they sign these Docker containers/files/whatever as releases so that people could at least verify it themselves if they chose to. (I guess that's not the target audience).
@waxwing I don't remember if there was auto-update by default, but I would expect it, considering good UX being the main priority of the project, and that they had mostly achieved that goal, when I tried it out earlier this year.
@waxwing Then again, they also thought that CC licenses are "good enough" for software, and that the best business model for a personal bitcoin node would be to make the software (that ties together nothing but free software) non-free, and selling OEM licenses to hardware vendors.