> Umbrel partnered with The Bitcoin Machines to offer a plug-and-play all-aluminum node and server combo.

I guess we're just going to ignore the fact that, while adding NextCloud and other unrelated apps to Umbrel, they *still* haven't addressed the security issues, which they themselves state are so big, that it's not recommended to put actual money on an Umbrel node?


Interesting page. The "over-the-air" update thing, I'm not familiar with it, but does it mean auto-updating somehow? Either way it looks bad indeed. And the hardcoded password one also looks bad, that's not the kind of tradeoff for convenience that I think ever makes sense (mainly because it has a global effect, i.e. attackers know all have it).

The root thing may or may not be terrible I guess it depends on details of set up.

@waxwing Yeah, hardcoded passwords is a no-go. They already do OTA updates (it's just downloading Docker containers), but there's no signature validation apparently.

All in all, I have no idea why they would build *anything* else on top of this, before addressing the fact that it's still not ready for actual money, while everyone's already using it with actual money.

@raucao about OTA, yeah, but I was asking if it's somehow auto-update, i.e. is the user not required to manually do it. But the question would then be, do they sign these docker containers/files whatever as releases so that people could at least verify it themselves if they chose to. (I guess that's not the target audience).

@waxwing I don't remember if there was auto-update by default, but I would expect it, considering good UX being the main priority of the project, and that they had mostly achieved that goal, when I tried it out earlier this year.

@waxwing Then again, they also thought that CC licenses are "good enough" for software, and that the best business model for a personal bitcoin node would be to make the software (that ties together nothing but free software) non-free, and selling OEM licenses to hardware vendors.

I LOL-ed at first glance.
"Here is your node for your money where one of the most important properties is No Trusted 3rd Parties!
Oh, btw ... for the entire functionality is this node we completely trust 3rd parties. But you understand, right?" 👀

And then I read a bit further and that was just depressing.
Taking away more and more freedom from users and calling that 'evolution' 🙄

I already feared that Open Source would be a 'checkmark item', but it turned in "open is a spectrum" 🤮

Sign in to participate in the conversation is a friendly place for tooting, run by the Kosmos open-source co-operative.