0 sats \ 3 replies \ @bluematt 8 Nov 2023 \ parent \ on: Mutiny wallet - questions to be answered bitcoin
Not quite sure why you feel the need to start with insults, that seems unnecessary.
I think you're mostly referring to the auto-update problem, which, indeed, is an issue for all mobile nodes - both a PWA, which auto-updates by website load, but also the OS auto-updates apps, and in both cases there's little validation a user can do to check that they're running the open source software they expect.
This is something that is an inherit limitation in the platform, sadly. Even if you're using Uncle Jim's node hosting service, whatever you're using to remote control it on your phone still has the same problem - it can intercept your API calls and steal your money.
That said, "self-hosting" Mutiny is...trivial, unlike Uncle Jim's node hosting service. All you have to do is unzip the source into a web server. Now you have a fully self-hosted copy of Mutiny that you can use that Tony can't auto-update out from under you. Until mobile platforms provide something better, that's arguably the most trustworthy model of any mobile node.
Not quite sure why you feel the need to start with insults, that seems unnecessary.
Where?
That said, "self-hosting" Mutiny is...trivial, unlike Uncle Jim's node hosting service.
That's nonsense. The web-server itself (ip4 ssl and so on), plus the reverse proxy required by Mutiny, is the bulk of the lift. Running the node daemon beyond that is also a "trivial" unpack.
Packaging options for Uncle Jim does in general leave much to be desired, which is my point, and that's why I'm working on and advocating for that vs. this Quixotic mobile fiasco.
Until mobile platforms provide something better
Exactly why it's best to have the node off-phone so that the mobile only has access to nerfed account keys, not the whole private key that can be swept without a trace.
reply
"as seems to be typical" and "Fragile Tony" are both rather insulting comments.
Its worth noting that the reverse proxy used by mutiny is not trusted. You can use anyone running it without worrying they can take your money or see what you're doing (only when you're doing it, which can correlate). There are a number of things Mutiny connects to server-wise, but the only trusted piece is just the download of the code which gets run locally. that can be put on any web server (which, come on, isn't all that much work to host, you can even do it via a standard hosting provider).
reply
Fragile Tony already has anyone outside his echo chamber muted (hense the name) so that's irrelevant...
I'd consider concession on the former, but here again you're doing it: I didn't say the reverse proxy was trusted.
The topic was self-host complexity, and the reverse proxy would need the same process hosting capabilities as a node.
reply