pull down to refresh
50 sats \ 2 replies \ @kepford 24 Dec 2023 \ parent \ on: I want to run my first node but am overwhelmed by the choices bitcoin_beginners
Hold up. I've run raspiblitz and umbrella. What "third parties" are you referring to. Both projects allow you to install different packages. That's on the operator. Not the projects. Umbrel uses docker containers so you do get some isolation of services.
For example you can install RTL and Thunderhub on both projects. Umbrel makes this easier but also has a huge selection of non bitcoin docker compose based projects you can install.
In general your node will be less vulnerable to attack if you have less code running that can be exploited. But again, you can run both project with only bitcoin core and LND.
I would say don't install a bunch of random apps on the same machine as your node. But then again if you are just validating your transactions maybe its not a huge issue. If you wanna run a lightning node it is a much bigger issue.
If you don't install anything besides Bitcoin Core, then you certainly don't need umbrel. But even umbrel doesn't think umbrel is secure, see: https://github.com/getumbrel/umbrel/blob/master/SECURITY.md
Docker is one example of a 3rd party vulnerabilities, but imo the biggest security hole is node.js packages. I assume Umbrel learned their lesson and no longer set a default password. This pw used to be "moneyprintergobrrr" and plenty of people lost sats because of it, and more than once
reply
That's fair. Also security is not a boolean. Umbrella is disclosing know weaknesses. Seems responsible to me especially when dealing with money.
I would not call these node packages holes but rather attack surface.
reply