Umbrel — Discussion, issues, solutions - page 2.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Quote from: cygan on December 07, 2022, 02:44:13 PM

is there actually already a possibility for umbrel, where tor can be deactivated and one acts as a full-fledged network node?

As of now, no.
https://community.getumbrel.com/t/umbrel-clearnet/9993

There are other nodes in a box that are not forced TOR.
Check out https://runcitadel.space/
I am not sure if it's TOR or not, it's forked from Umbrel but I have not been following it.

-Dave

cygan

legendary

Activity: 3122

Merit: 7618

Cashback 15%

is there actually already a possibility for umbrel, where tor can be deactivated and one acts as a full-fledged network node?

cygan

legendary

Activity: 3122

Merit: 7618

Cashback 15%

this - and whether this is an umbrel or another node Wink

BlackHatCoiner

legendary

Activity: 1344

Merit: 6415

Farewell, Leo

Quote from: DaveF on October 25, 2022, 03:58:00 PM

I really like Umbrel, as of now it's my default recommendation for a pre-built node.

Since the time I began this thread, it must have upgraded. I saw an umbrel-app-store somewhere and got impressed. Definitely a recommendation for non-tech people who want to run a, mostly, Lightning node.

Quote from: DaveF on October 25, 2022, 03:58:00 PM

The one thing I still would prefer is the ability to connect without TOR.

This is pretty much the reason I uninstalled Umbrel. It didn't allow me sync fast. It takes about twice to sync that way. Also, I had very poor connectivity. There were times that it had 0 outgoing connections, and paused syncing.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Updated mine with no problems.

I really like Umbrel, as of now it's my default recommendation for a pre-built node.
The one thing I still would prefer is the ability to connect without TOR. There are a few things that it really does lower the usefulness of with everything as TOR only but it is what it is can't have it all.

-Dave

cygan

legendary

Activity: 3122

Merit: 7618

Cashback 15%

since today there is a new update with version 0.5.2 for the umbrel node
this release also contains several bugfixes and performance improvements. the complete changelog can be found on github at the following link:
https://github.com/getumbrel/umbrel/releases/tag/v0.5.2

DireWolfM14

copper member

Activity: 2142

Merit: 4219

Join the world-leading crypto sportsbook NOW!

Quote from: DaveF on September 16, 2022, 11:17:49 AM

Just did a test with a node in a box that I was going to re-image anyway. RPi4, 4GB, SSD.

That actually brings up a good point. I've never plugged a hard drive directly into my RPi, just mounted SSD NAS directory to use for the blockchain data. One time I even tried mounting the NAS directory at /var/lib, but still no joy. Every time I've tried I would allow bitdoind to fully synch the blockchain before installing ElectrumX. Most of the time the system would become unusable while synchronizing ElectrumX. One time I got ElectrumX fully synchronized but it crashed shortly after that. That's when I finally gave up.

I have a couple of servers (enterprise hardware) collecting dust in my garage, which I've been planning to spin up soon. One has two Xeon processors and 64GB of ram, which I plan to set up with three or four VMs to do do most of the stuff I've currently got running on the Dells and the RPi. I just been dragging my feet because I don't have a rack to house them in at the moment.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Quote from: DireWolfM14 on September 12, 2022, 11:22:40 AM

Honestly I've never had good luck running bitcoind and electrumx server on a RPi, not even version 4. I blame myself; I've never cared for Raspian, and always run them with the latest version of Ubuntu server. I've given away all my Raspberry Pis except for one version 4 that I use as a media server.

Currently I have a Dell SFF PC with an i5 processor, 16GB RAM, and a 1tb SSD on which I've installed Umbrel over Ubuntu Server 22.04.1. Umbrel is running Bitcoind, Electrs, LND, Mempool, and Tailscale. I also have Lightning Terminal and Ride the Lightning installed as well. I've had this set up running for about two weeks now without any issues.

Just did a test with a node in a box that I was going to re-image anyway. RPi4, 4GB, SSD.

I tried to install everything in the app store and it would not. Crashed to the point that I could not even SSH into it. Did a power cycle and it came back but crashed again the same way. Could be that it's not actually crashing but taking so long to respond that both the web browser and SSH client timeout before it responds.

So yeah, you can shoot yourself in the foot quite well with it.

On the system you have. Assuming it's a 3rd gen i5 or better you could probably get away with installing everything.

-Dave

DireWolfM14

copper member

Activity: 2142

Merit: 4219

Join the world-leading crypto sportsbook NOW!

Quote from: n0nce on September 09, 2022, 06:41:08 PM

Quote from: vv181 on September 09, 2022, 10:23:55 AM

Didn't follow through with how Umbrel developed, but doesn't Umbrel since the first start already paved its way as a platform for self-hosting apps? not the one that was specifically made to run the Bitcoin ecosystem.

I'm 99% sure it always had self-hosting specifically Bitcoin software at its core concept since the very start. Media hosting and such, came later.

Below is an excerpt from the ReedMe file of version 0.1.2:

Quote from: DaveF on September 10, 2022, 07:28:20 AM

They always had the app store, but IMO it's going with too many things. And since it is designed to be run on an RPi, and one again IMO there is no 'stop new users from shooting themselves in the foot' setting. You can install everything and your node WILL crash (or at least both of mine did) due to lack of resources.

Yes you can do the same with Windows, OSX, *nix, and so on. Bu and once again IMO since it's supposed to be a BTC / Lightning node having all these other things, although nice is probably going to cause more issues.

-Dave

Honestly I've never had good luck running bitcoind and electrumx server on a RPi, not even version 4. I blame myself; I've never cared for Raspian, and always run them with the latest version of Ubuntu server. I've given away all my Raspberry Pis except for one version 4 that I use as a media server.

Currently I have a Dell SFF PC with an i5 processor, 16GB RAM, and a 1tb SSD on which I've installed Umbrel over Ubuntu Server 22.04.1. Umbrel is running Bitcoind, Electrs, LND, Mempool, and Tailscale. I also have Lightning Terminal and Ride the Lightning installed as well. I've had this set up running for about two weeks now without any issues.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Quote from: n0nce on September 09, 2022, 06:41:08 PM

I'm 99% sure it always had self-hosting specifically Bitcoin software at its core concept since the very start. Media hosting and such, came later.

They always had the app store, but IMO it's going with too many things. And since it is designed to be run on an RPi, and one again IMO there is no 'stop new users from shooting themselves in the foot' setting. You can install everything and your node WILL crash (or at least both of mine did) due to lack of resources.

Yes you can do the same with Windows, OSX, *nix, and so on. Bu and once again IMO since it's supposed to be a BTC / Lightning node having all these other things, although nice is probably going to cause more issues.

-Dave

n0nce

hero member

Activity: 882

Merit: 5818

not your keys, not your coins!

Quote from: DaveF on September 09, 2022, 09:43:08 AM

To me it really is just about paranoid security. I have enough to worry about with me screwing up, I don't need to worry about other unrelated things screwing up.

Just a bit of paranoia on my part, not saying I am 100% correct it's just the way I look at it.

I do agree, yes. Self-hosting is no trivial task, even for professionals; no wonder webhosting and email hosting businesses have been thriving for the last 20 years.
Ever since I created my full node install guide, I noticed how often it has to be updated, even with just 4 individual pieces of software on it. Maintaining a self-hosted server of any kind is not a cakewalk, especially not for unexperienced users.

Bitcoin Core is kind of unique in the way it requires as many nodes as possible to run it 24/7, but it's also unique in the high level of security it has; so it's much less critical if someone runs an outdated version for a few more months.

Quote from: vv181 on September 09, 2022, 10:23:55 AM

Didn't follow through with how Umbrel developed, but doesn't Umbrel since the first start already paved its way as a platform for self-hosting apps? not the one that was specifically made to run the Bitcoin ecosystem.

I'm 99% sure it always had self-hosting specifically Bitcoin software at its core concept since the very start. Media hosting and such, came later.

vv181

legendary

Activity: 1932

Merit: 1273

Didn't follow through with how Umbrel developed, but doesn't Umbrel since the first start already paved its way as a platform for self-hosting apps? not the one that was specifically made to run the Bitcoin ecosystem. Looking at how it will seem to continue to develop, I think if someone wants to use a platform or OS that is specifically made for Bitcoin, they should have sought an alternative.

ABCbits

legendary

Activity: 2856

Merit: 7410

Crypto Swap Exchange

Quote from: DaveF on September 09, 2022, 09:43:08 AM

Quote from: ?? on ??

...Personally i would install Transmission...

https://www.cvedetails.com/cve/CVE-2018-10756/
https://www.cvedetails.com/cve/CVE-2018-5702/

First CVE require user download malicious torrent file while second CVE require user to enable remote access feature. I wouldn't worry too much when linux kernel has 194 new CVE this year[1]. Additionally, Transmission only can access config and download folder[2].

Quote from: DaveF on September 09, 2022, 09:43:08 AM

Quote from: ?? on ??

...or other available BitTorrent client....

https://www.cvedetails.com/vulnerability-list/vendor_id-7690/Bittorrent.html
https://www.cvedetails.com/vulnerability-list/vendor_id-6117/year-2022/Utorrent.html

I don't use those software. Last time i checked, it's closed source and show annoying ads.

Quote from: DaveF on September 09, 2022, 09:43:08 AM

The problem is that as you add more and more things there are more and more issues to keep track of and the possibility that you, the umbrel developers, the repository maintainers that umbrel uses or whoever misses something, does not add the updated packages or whatever and users are sitting there with an unpatched vulnerability.

--snip--

I get your point and actually i agree with your point. But don't forget all application is run inside Docker container[3], which reduce some security risks.

[1] https://www.cvedetails.com/vulnerability-list.php?vendor_id=33&product_id=&version_id=&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=2022&month=0&cweid=0&order=3&trc=194&sha=0b4324a03d1611b238026b0d9c1402ae680bada2
[2] https://github.com/getumbrel/umbrel-apps/blob/master/transmission/docker-compose.yml
[3] https://github.com/getumbrel/umbrel-apps/#umbrel-app-framework

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Quote from: ?? on ??

...Personally i would install Transmission...

https://www.cvedetails.com/cve/CVE-2018-10756/
https://www.cvedetails.com/cve/CVE-2018-5702/

Quote from: ?? on ??

...or other available BitTorrent client....

https://www.cvedetails.com/vulnerability-list/vendor_id-7690/Bittorrent.html
https://www.cvedetails.com/vulnerability-list/vendor_id-6117/year-2022/Utorrent.html

The problem is that as you add more and more things there are more and more issues to keep track of and the possibility that you, the umbrel developers, the repository maintainers that umbrel uses or whoever misses something, does not add the updated packages or whatever and users are sitting there with an unpatched vulnerability. When you go to an ATM for your bank do you want it to also have some video games on it that you can play while waiting to possibly get some money out [wait I just invented the slot machine]. When you are on your online banking site do you want it to have things on it that are not related to banking / that bank?

To me it really is just about paranoid security. I have enough to worry about with me screwing up, I don't need to worry about other unrelated things screwing up.

Just a bit of paranoia on my part, not saying I am 100% correct it's just the way I look at it.

-Dave

n0nce

hero member

Activity: 882

Merit: 5818

not your keys, not your coins!

Quote from: DaveF on September 08, 2022, 11:01:08 AM

But, all that aside, once it's out of beta do you really want it to be running more then just crypto apps?

I'm all for separation of privileges, sandboxing etc., but don't feel too secure by putting some (potentially insecure) web service on a different machine in the same LAN as your Bitcoin node.
As long as you don't take the right precautions like setting up VLAN or a decent firewall setup within the LAN, if you get your 'non-Bitcoin machine' infected, all your other devices are at risk, too.

Personally, I'd limit the amount of ports I open and publicly accessible services I run, in general.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Quote from: ?? on ??

Quote from: cygan on September 07, 2022, 09:24:51 AM

with plex, jellyfin, transmission, sonarr, radarr, lidarr and prowlarr 7 new apps launched in the umbrel app store yesterday

None of them related with cryptocurrency in any way. I wonder if decent amount of Umbrel user want to make their Raspberry become more useful since those 7 apps is added in single commit[1].

Quote from: DaveF on September 07, 2022, 09:43:27 AM

It's a device that holds your finances, no reason to be doing that much more.

In first place, people shouldn't hold their Bitcoin on Umbrel. It's still on beta and not considered secure by the developer[1].

[1] https://github.com/getumbrel/umbrel-apps/commit/60878f278d544b204d8e7c96240c797f43a9b319
[2] https://github.com/getumbrel/umbrel/blob/master/SECURITY.md

As I have always said with hot / online wallets. It comes down to the risk vs convenience amount and everyone's number is going to be different.

I have a non raided - beta software - SBC - always online - tor connected umbrel lightning node with more funds on it then the hot wallet on my phone. Because even with all the above I still think it's more secure. And I probably won't forget it on a table at a restaurant and leave it there.

Others will feel differently. Bill Gates could leave $10000s on one and not care.

But, all that aside, once it's out of beta do you really want it to be running more then just crypto apps?

-Dave

cygan

legendary

Activity: 3122

Merit: 7618

Cashback 15%

i was thinking the same thing and actually it would be perfectly sufficient if umbrel only offers Bitcoin specific apps in their own app store ... so slowly this degenerates into another/wrong direction Roll Eyes

the umbrel node should continue to function as its own stable Bitcoin node including lightning and run without problems

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Although I really like the concept of all these apps, every time you add stuff to a project like this you do compromise security and add things that can go wrong.

Also, most people are still running it on a RPi, there is a limit to what it can do. You know there are people out there that will install every app and then wonder why it's taking forever for the node to sync or why this or that is going wrong and it's just the RPi CPU screaming while trying to keep up.

It's a device that holds your finances, no reason to be doing that much more.

-Dave

ABCbits

legendary

Activity: 2856

Merit: 7410

Crypto Swap Exchange

Quote from: DaveF on May 19, 2022, 09:21:28 AM

Quote from: ABCbits on May 19, 2022, 07:14:43 AM

You can do it with parameter -connect= or adding connect= to bitcoin.conf file.

For now Umbrel is TOR only, will it still connect to a non TOR node even if it's local? I never tried.
Also, although it should not matter, changing the conf file for some of the preconfigured nodes may cause other issues. I know once you change any of the conf files in mynode it will not change them itself even if an update to bitcoind or other app requires it. It's the you touch it, it's yours theory.

-Dave

I don't know how Umbrel configure Bitcoin Core, but AFAIK -connect= is categorized as manual connection can ignore -onlynet=onion. But i agree it's not ideal option, considering you could mess Umbrel and he have option to copy Bitcoin Core directory to Pi 400.

Quote from: bitcoind --help

-onlynet=
Make automatic outbound connections only to network (ipv4, ipv6,
onion, i2p, cjdns). Inbound and manual connections are not
affected by this option. It can be specified multiple times to
allow multiple networks.

cygan

legendary

Activity: 3122

Merit: 7618

Cashback 15%

with plex, jellyfin, transmission, sonarr, radarr, lidarr and prowlarr 7 new apps launched in the umbrel app store yesterday

Topic: Umbrel — Discussion, issues, solutions - page 2. (Read 2103 times)