BitBoxBase, quo vadis?
Economically used Bitcoin full nodes keep the Bitcoin network in check. They validate transactions and relay them if valid. They can tell you with certainty whether you received your paycheck, or if that incoming transaction was just a sleight of hand. What I outlined in the article We need Bitcoin full nodes. Economic ones still holds.
Also, there’s no financial sovereignty without financial privacy. Revealing all your bitcoin holdings to any third party, trusted or not, is not good practice. This is why the BitBoxApp supports easy connectivity to your own Bitcoin node, even over Tor.
The aim of the BitBoxBase project is to make running your own Bitcoin full node easier for everyone. The project has been open-source from the start with the goal to build a robust, secure, no-compromise Bitcoin & Lightning node.
There is still work to do before the BitBoxBase can be ready for production. As Shift is focusing on its core products, the BitBoxBase project is on hold.
In a talk at the Lightning Conference in Berlin I laid out the overall goals and design decisions made for the BitBoxBase project.
- Running a node is for everyone
It must be easy to set up, no assembly required, plug & play. Directly integrated into BitBoxApp. Resilient and forgiving when errors occur, with screen and buttons to talk to the user. Focused to avoid feature clutter and make support easier. - Privacy by default
A Bitcoin node today should primarily communicate over the anonymous Tor network. All communication, even in your own home network, must be authenticated and encrypted. - Reliable upgrades
Upgrading the node must be super-stable. Avoid leaving devices in the field in undefined states or even bricking them must be virtually impossible.
Building on the RockPro64 (with plenty of oomph, stable eMMC flash storage and a PCIe SSD to avoid clunky USB connections) and not on a underpowered Raspberry Pi 3 could be considered a risky choice, together with using a custom Armbian diskimage, integrating Mender for signed full rootfs updates and connecting to the BitBoxApp instead of a web UI.
These choices make the project unique, but practically speaking, much harder.
Platform
While very fast, the combination of RockPro64, Armbian and PCIe SSD is just not stable enough. With many kernel hacks, it runs somewhat stable, but there are kernel panics every few months. This is pretty good for any board like this, that is not built with server-like stability and uptime in mind, but not good enough for the goals of the BitBoxBase. It looks like the Raspberry Pi is the only maker board that can potentially run long-term stable, but of course even the Pi is not a real server.
User interface
The integration of the user interface into the BitBoxApp works great, and adds a smooth onboarding experience for non-technical users. The BitBoxBase is automatically discovered in the network and — after establishing an end-to-end encrypted connection — the BitBoxApp provides an easy to use setup wizard. With existing solutions, I think the setup process is a key area that is still too hard for new users, and there is the temptation to compromise on security to make it easy without too much effort. But the non-compromising approach of the BitBoxBase is also very complex, and the dependency on the BitBoxApp makes it hard for it to stand alone as a community-driven project.
Custom hardware
Adding a secure screen, with buttons, driven by an adapted BitBox02, with firmware programmed in C, acting as a potential personal HSM over time, is a pretty bold move. Some might call it overly ambitious. It can be done, but the effort needed for a high quality result is significant, and in a company within an emerging field, engineering resources are always scarce.
A lot of work has gone into the hardware prototypes, with a custom case and a special small form-factor PCIe adapter. Off-the-shelf cases never really satisfied me, and creating a case from scratch allows a lot of attention to details. But of course, a custom approach needs scale to be affordable. This perfectionist approach is tricky in such a niche market.
The project aims high, but there’s truth in “don’t over-engineer and ship fast”. There is still work to do before the BitBoxBase can be ready for production. Shift is focusing on the core products for now, the hardware wallet BitBox02 and its companion, the BitBoxApp. As much as it personally pains me to see the BitBoxBase project on pause, progress on the BitBox02 is only possible with clear focus and targeted resources allocation.
The great thing about open-source projects is that all the work is in the open. It’s up for taking, building upon and remixing in other endeavors. BitBoxBase will also still be there once Shift can take it up. There are other interesting developments in this area: RaspiBlitz as the ultimate do-it-yourself node, and the up-and-coming nix-bitcoin, which has a lot of promise. We are ready to work on the BitBoxBase as soon as the right time comes.
images by Dan Held and from https://github.com/digitalbitbox/bitbox-base
