> Umbrel partnered with The Bitcoin Machines to offer a plug-and-play all-aluminum node and server combo.


I guess we're just going to ignore the fact that, while adding NextCloud and other unrelated apps to Umbrel, they *still* haven't addressed the security issues, which they themselves state are so big, that it's not recommended to put actual money on an Umbrel node?




Interesting page. The "over-the-air" update thing, I'm not familiar with it, but does it mean auto-updating somehow? Either way it looks bad indeed. And the hardcoded password one also looks bad, that's not the kind of tradeoff for convenience that I think ever makes sense (mainly because it has a global effect, i.e. attackers know all have it).

The root thing may or may not be terrible I guess it depends on details of set up.

· · Web · 1 · 0 · 0

@waxwing Yeah, hardcoded passwords is a no-go. They already do OTA updates (it's just downloading Docker containers), but there's no signature validation apparently.

All in all, I have no idea why they would build *anything* else on top of this, before addressing the fact that it's still not ready for actual money, while everyone's already using it with actual money.

@raucao about OTA, yeah, but I was asking if it's somehow auto-update, i.e. is the user not required to manually do it. But the question would then be, do they sign these docker containers/files whatever as releases so that people could at least verify it themselves if they chose to. (I guess that's not the target audience).

@waxwing I don't remember if there was auto-update by default, but I would expect it, considering good UX being the main priority of the project, and that they had mostly achieved that goal, when I tried it out earlier this year.

@waxwing Then again, they also thought that CC licenses are "good enough" for software, and that the best business model for a personal bitcoin node would be to make the software (that ties together nothing but free software) non-free, and selling OEM licenses to hardware vendors.

Sign in to participate in the conversation
unidentified instance

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!