pull down to refresh

102 sats \ 1 reply \ @_stacktoshi 9h \ parent \ on: Serving Bitcoin – refurbished bitcoin nodes bitcoin
Code is shipped with any device that contains processing units, so unless you can verify that the code only does what it's supposed to do, there's a basic level of trust that you have to accept. So then the question goes past just startOS. If they didn't have an OS and gave you a usb drive with all the linux packages that you could independently checksum, you'd still need to trust all the authors of the code that's gonna run on that machine, including firmware. So, you're right, they might as well include a copy of the blockchain, as long as you could reliably verify it. And people generally aren't going to be putting their life savings on these devices since they're hot wallets. An attacker isn't going to strike it rich before word gets out about the supply-chain attack.
write
preview
0 sats \ 0 replies \ @Scoresby OP 1h
You are getting at exactly what I was thinking.
Two points though:
  1. while most people hopefully are using something else as their cold storage, they might frequently use such devices as watch-only wallets, and as such they might be using them to generate receive addresses for their cold storage.
  2. my second point is that bitcoin-specific machinery may be more likely to get attacked. Or at least it is more likely to be a target.
reply