> Umbrel partnered with The Bitcoin Machines to offer a plug-and-play all-aluminum node and server combo.


I guess we're just going to ignore the fact that, while adding NextCloud and other unrelated apps to Umbrel, they *still* haven't addressed the security issues, which they themselves state are so big that it's not recommended to put actual money on an Umbrel node?



Interesting page. The "over-the-air" update thing, I'm not familiar with it, but does it mean auto-updating somehow? Either way it looks bad indeed. And the hardcoded password one also looks bad, that's not the kind of tradeoff for convenience that I think ever makes sense (mainly because it has a global effect, i.e. attackers know all have it).

The root thing may or may not be terrible; I guess it depends on the details of the setup.

@waxwing Yeah, hardcoded passwords are a no-go. They already do OTA updates (it's just downloading Docker containers), but there's no signature validation apparently.

All in all, I have no idea why they would build *anything* else on top of this, before addressing the fact that it's still not ready for actual money, while everyone's already using it with actual money.

@raucao about OTA, yeah, but I was asking if it's somehow auto-update, i.e. is the user not required to manually do it. But the question would then be, do they sign these Docker containers/files/whatever as releases so that people could at least verify it themselves if they chose to. (I guess that's not the target audience).


@waxwing I don't remember if there was auto-update by default, but I would expect it, considering good UX being the main priority of the project, and that they had mostly achieved that goal, when I tried it out earlier this year.
