reply on: I want to run my first node but am overwhelmed by the choices \ stacker news ~bitcoin

122 sats \ 3 replies \ @Lost_dogz 24 Dec 2023 \ parent \ on: I want to run my first node but am overwhelmed by the choices bitcoin_beginners

I politely disagree. Umbrel is easy for sure, but it's also a collection of third party software vulnerabilities for your Bitcoin node. This is not just common sense, history has proven this to be true multiple times already. It's true for any such platform, including start9

I'd stick to bitcoin-core for a bitcoin full node and raspiblitz if you want to run LN

50 sats \ 2 replies \ @kepford 24 Dec 2023

Hold up. I've run raspiblitz and umbrella. What "third parties" are you referring to. Both projects allow you to install different packages. That's on the operator. Not the projects. Umbrel uses docker containers so you do get some isolation of services.

For example you can install RTL and Thunderhub on both projects. Umbrel makes this easier but also has a huge selection of non bitcoin docker compose based projects you can install.

In general your node will be less vulnerable to attack if you have less code running that can be exploited. But again, you can run both project with only bitcoin core and LND.

I would say don't install a bunch of random apps on the same machine as your node. But then again if you are just validating your transactions maybe its not a huge issue. If you wanna run a lightning node it is a much bigger issue.

10 sats \ 1 reply \ @Lost_dogz 25 Dec 2023

If you don't install anything besides Bitcoin Core, then you certainly don't need umbrel. But even umbrel doesn't think umbrel is secure, see: https://github.com/getumbrel/umbrel/blob/master/SECURITY.md

Docker is one example of a 3rd party vulnerabilities, but imo the biggest security hole is node.js packages. I assume Umbrel learned their lesson and no longer set a default password. This pw used to be "moneyprintergobrrr" and plenty of people lost sats because of it, and more than once

21 sats \ 0 replies \ @kepford 25 Dec 2023

That's fair. Also security is not a boolean. Umbrella is disclosing know weaknesses. Seems responsible to me especially when dealing with money.

I would not call these node packages holes but rather attack surface.