> Umbrel partnered with The Bitcoin Machines to offer a plug-and-play all-aluminum node and server combo.
I guess we're just going to ignore the fact that, while adding NextCloud and other unrelated apps to Umbrel, they *still* haven't addressed the security issues, which they themselves state are so big, that it's not recommended to put actual money on an Umbrel node?
Interesting page. The "over-the-air" update thing, I'm not familiar with it, but does it mean auto-updating somehow? Either way it looks bad indeed. And the hardcoded password one also looks bad, that's not the kind of tradeoff for convenience that I think ever makes sense (mainly because it has a global effect, i.e. attackers know all have it).
The root thing may or may not be terrible I guess it depends on details of set up.
@waxwing Yeah, hardcoded passwords is a no-go. They already do OTA updates (it's just downloading Docker containers), but there's no signature validation apparently.
All in all, I have no idea why they would build *anything* else on top of this, before addressing the fact that it's still not ready for actual money, while everyone's already using it with actual money.
kosmos.social is a friendly place for tooting, run by the Kosmos open-source co-operative.