Start9/documentation
2
0
Fork 0
mirror of https://github.com/Start9Labs/documentation.git synced 2026-03-26 02:11:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #21 from Start9Labs/docs-updates

Browse Source 
FAQ updates
This commit is contained in:
Matt Hill
2021-04-03 10:57:16 -06:00
committed by GitHub
parent 5bb9a1949b 0281861d42
commit 60079d8496
10 changed files with 471 additions and 416 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
source/index.rst
View File

@@ -28,6 +28,7 @@ Here you will find guidance and information about the Start9 Embassy personal se
:caption: Misc Guides :caption: Misc Guides
misc-guides/available-services misc-guides/available-services
misc-guides/bitcoin-cli
misc-guides/tor-os/index misc-guides/tor-os/index
misc-guides/tor-firefox/index misc-guides/tor-firefox/index
@@ -42,6 +43,6 @@ Here you will find guidance and information about the Start9 Embassy personal se
:maxdepth: 2 :maxdepth: 2
:caption: Support :caption: Support
support/faq support/FAQ/index
support/concepts support/concepts
support/contact support/contact

26
source/misc-guides/bitcoin-cli.rst Normal file
View File

@@ -0,0 +1,26 @@
.. _bitcoin-cli:
*****************
Using Bitcoin-Cli
*****************
Instructions for accessing the bitcoind service in order to issue commands directly.
.. warning:: This is an advanced feature and should be used with caution. Start9 is not responsible for any damage you might cause through SSH access.
1. First, you will need SSH access. Please see the :ref:`setup instructions <ssh-setup>` for details.
2. Access your Embassy and then you can interact with the bitcoind docker container using the following syntax::
sudo docker exec bitcoind bitcoin-cli COMMAND
.. admonition:: Example
sudo docker exec bitcoind bitcoin-cli getnetworkinfo
A list of possible commands can be found `here <https://chainquery.com/bitcoin-cli>`_.
You can also drop into a shell using::
sudo docker exec -it bitcoind bash
and then enter ``bitcoin-cli`` commands. When you are finished, simply type ``exit``.

112
source/support/FAQ/bitcoin-faq.rst Normal file
View File

@@ -0,0 +1,112 @@
*****************************
Bitcoin and Lightning Network
*****************************
Why does the Bitcoin service take so long to be ready?
------------------------------------------------------
On first install, the Bitcoin service must verify the entire history of transactions in order to verify transactions going forward. This can take approximately a week depending on your internet connection. You can continue to use the Embassy normally in the meantime.
You can learn more about the Initial Block Download in `this video <https://www.youtube.com/watch?v=OrYDehC-8TU>`_.
Can the IBD (Initial Block Download) be made faster? Or can wait times be improved?
------------------------------------------------------------------------------------
We have some work planned to improve the wait times, which we think is the better way to deal with painful sync times without sacrificing the trust minimization.
I'm getting this error: unable to connect to bitcoind: -28: Loading block index... What do I do?
------------------------------------------------------------------------------------------------
The block index error is normal and goes away after the Bitcoin blockchain has synced. If you have completed the Initial Blockchain Download (IBD), this will be a few minutes at most.
The Bitcoin Service is different from the GUI version I am used to using (bitcoin-qt). How to I use this like I used to?
-------------------------------------------------------------------------------------------------------------------------
At present, the Embassy does not offer its own node visualization tool. You can view certain properties about your node inside the "Properties" section, but not in an animated GUI. If you want to use bitcoin-cli, you may do so by adding an SSH key onto your Embassy and exec-ing into the bitcoind docker container. Otherwise, the main way to actually *use* your node is through a wallet. The QT GUI is not usable because it cannot be served through the browser (which is necessary here), and last we checked, the QT desktop client was incapable of connecting to a remote node over Tor. As far as we are aware, the only wallets that support this are Specter, Fully Noded, and Sparrow.
Does the Embassy run a full archival Bitcoin node?
--------------------------------------------------
The Embassy runs a full node, but does not run a full *archival* node, it's pruned. This means it does not store the entire Blockchain. As it syncs, it discards blocks and transactions it does not need.
It is fully validating and verifying consensus all the way from Genesis. Really, the only reason to store the entire Blockchain is if you want to run a block explorer. Learn more here: :ref:`node`.
What actions, specifically, are only possible with an archival, or unpruned node?
-----------------------------------------------------------------------------------
The more sophisticated the blockchain analysis being done is, the more index data is required, which will increase the system resources required. For example, if you wanted to run a block explorer, you would require not only a full archival node, but also a full transaction index.
Is it insecure to run a pruned node?
------------------------------------
As a user, pruned nodes and archival nodes provide you the same security. In a larger sense, if 100% of people ran pruned nodes, the security of the network could be in dire circumstances and be put at risk if no nodes kept history, as then no one could bootstrap new nodes. The reality however, is that most Embassy owners are new node operators, so there is no net systemic risk introduced.
Why would I want to run a lightning node?
-----------------------------------------
The Lightning Network (LN) is a second 'layer,' built on top of the Bitcoin Protocol. As a result all transactions on LN are backed up by the full security of the Bitcoin network. Lightning is designed for instant payments between nodes, but similar to running a Bitcoin node, running your own is the only way to be sovereign. When you have your own node, you will have the convenience of linking a Lightning wallet, for use on the go. It is also possible to earn an income (granted a very small one at this time), if you are willing to learn how to become a 'routing node.'
I opened a Lightning channel, but my local balance is lower than I expected. Where is the remainder?
-----------------------------------------------------------------------------------------------------
A fee to close the channel (onchain) is set aside at opening.
How is that fee estimation calculated?
--------------------------------------
The commitment fees are automatically negotiated every few blocks with your peer. They are on chain txs like all channel closes but they are not broadcast until you attempt to close the channel.
What would happen if I shut down an Embassy that is running a Lightning node with open channels?
------------------------------------------------------------------------------------------------
It is REALLY IMPORTANT that people understand that if they shut off their Lightning services for long periods of time (days on end) it is possible for your peers to cheat you out of money. If you are not prepared to LOSE ALL THE MONEY IN YOUR CHANNELS, KEEP YOUR NODE RUNNING.
That said, malicious actors on the network right now are probably sparse, however you are still open to that risk if you do not keep your node online.
Is there a solution to this?
----------------------------
Yes, the concept of a Watchtower was originally conceptualized in the LN whitepaper. A Watchtower is simply a lightning node to which you can give the authority to monitor transactions associated with your open payment channels.
Is a wallet vulnerable to hacking if its always online??
---------------------------------------------------------
Funds are not stored on the node typically. The node simply serves as a source of truth for the state of the blockchain. Attacks depend on where the keys are and where the signing happens. You can use something like a hardware wallet for better security. Though, to be fair, a lot of attacks depend on you or your machine being targeted specifically, and a whole bunch of attack vectors are highly theoretical and obscure.
Most successful attacks seem to be either fake/doctored software or a social attack (tricking you into installing some malware or giving your seed outright or something like that).
Keep in mind, however, the more value there is out there to steal, the more sophisticated attacks will get automated (bots, crawlers etc). So its not just the risk profile of today, but also tomorrow you have to consider. Thats why something like a hardware wallet or dedicated mobile device for key signing is a good idea.
Even if your wallet is plugged into your Embassy, whether your wallet is hot or cold depends on the hardware that stores the keys.
How does Bitcoin Proxy request (and verify) data when that data is needed by some app using it?
-----------------------------------------------------------------------------------------------
Proxy fetches blocks from your pruned node if it still has them, and fetches them from peers when it does not. Proxy can ensures the fetched block is valid by comparing it to its header, which is retained by the pruned node. The header is a product of the hash of the block itself, amongst other things, so it can't be
What is the difference between the Bitcoin Wallet Tracker and the Electrum Personal Server?
-------------------------------------------------------------------------------------------
Bitcoin Wallet Tracker and Electrum Personal Server are 2 services that do the same thing, similar to bitcoind vs btcd, or lnd vs c-lightning.
Both work with your Bitcoin node to provide a richer set of information to wallets than could be done with bitcoind alone. They are basically identical in purpose, their differences are notably in the software memory requirements and how snappily they can answer the same questions.
Electrum (and some other wallets) require more than just a Bitcoin node to run in a sovereign way, they require an “Electrum Server”. Both Electrum Personal Server and Bitcoin Wallet Tracker are “Electrum servers”.
Which wallets can I use that sync with my Embassy Bitcoin node?
---------------------------------------------------------------
There are many wallets that support linking to your own full node. You will need one that supports tor. Here are a few options that are compatible: FullyNoded, Samourai, Specter, Wasabi, Zap, and Zeus.
Is BlueWallet an option?
------------------------
BlueWallet requires a seperate backend service called LNDHub, which is not available on the Embassy at this time.
Is it possible to run c-lightning and lnd parallel on the Embassy?
------------------------------------------------------------------
Yes, you may run both. They will operate in their own environments and allow you to run services that depend on either.
How do I connect my Spark mobile app to the Embassy Spark server?
-----------------------------------------------------------------
To use a Spark client, you still need to have Spark installed on the Embassy (which serves Spark). Then, under Properties, there is a "Pairing URL". The first part of this is the server URL, and the end portion of it is the access key.
Are my addresses, channels, and balances all stored in LND or in RTL?
---------------------------------------------------------------------
This is all on LND, and RTL is just a GUI for accessing LND. On-chain balance is also part of the LND backup.
Is there a way to use the channel backups made within RTL?
----------------------------------------------------------
The only backup flow we officially support is through the Embassy backup system. This does include the channel backups created automatically by LND, but it must be understood that backups in Lightning are very different than they are on Layer 1 Bitcoin. If you restore from backup all your channels will close, and there is a potential, albeit small, probability for you to lose funds.
When attempting to add new peer, RTL says "server is still in the process of starting," but chain state seems to be fully up to date. What can I do?
-----------------------------------------------------------------------------------------------------------------------------------------------------
Check the LND logs, it can take a while to bootstrap, and starting RTL before this completes could cause errors.
"Server is still in the process of starting," but LND and RTL are running. How can I address this?
---------------------------------------------------------------------------------------------------
You may need to restart the LND Service.
What's the best way to move a small lightning balance?
------------------------------------------------------
It is possible to have lightning balances that are so low that they will not (or barely will) cover the on-chain fees to recoup into an on-chain wallet.
Why are Lightning Network backups and moves so complicated?
-----------------------------------------------------------
There are safe ways to do an “atomic move” of a LN node but it requires a very specific sequence of actions and certain mistakes can result in your counterparties taking all your funds. Fundamentally, today, LN works on a punishment scheme. This means if you publish revoked state, that the counterparty is entitled to a claim on all the funds in the channel. This incentive system is what makes the whole thing work. Without it LN would be subject to various kinds of thievery.
So the downside is that backups of old state are not safe. This is because your node might believe it is the real state of the channel, but it may be unaware of states created since then. The problem here is that your node naively believes something different from the truth, which can result in all of the funds being lost. In response to this reality, the safe backup systems, including those generated by RTL, actually do not include channel state. They only list the peers that you had channels with. Restoring these backups essentially politely asks your peers to force close the channels they have with you. In those moments it is possible for your peer to try and cheat you, but they cannot be 100% sure that you cant punish them, so its extremely unlikely that they will attempt to do so.

64
source/support/FAQ/embassy-faq.rst Normal file
View File

@@ -0,0 +1,64 @@
*****************************
Embassy (Device, OS, and DIY)
*****************************
Can I run EmbassyOS on a VPS or VM?
-----------------------------------
Maybe, but we advise against this. It is designed to be used on a RaspberryPi.
Is it possible to use the EmbassyOS on my own hardware?
-------------------------------------------------------
Yes! The :ref:`diy guide <diy>` will take you through the setup steps. This option is great for people who already own the necessary hardware or who live outside the US and want to save on shipping and customs fees.
Additionally, EmbassyOS is available to build from source under the Start9 Personal Use License. If you have the time and energy, it is possible to download and compile EmbassyOS yourself, for free, with the caveat that your “Embassy” will not have a product key generated by us. This means you will miss out on the perks that come along with purchasing from us, which will grow over time.
Do I plug the Embassy into my computer?
---------------------------------------
No. The Embassy only needs to be plugged into power and internet, just like your router. You can set it up right by your router and forget about it.
How much storage does the Embassy have?
---------------------------------------
Currently, the Embassy ships with a 128gb of storage.
Are my Internet requests anonymous and secure?
----------------------------------------------
EmbassyOS and every service on the Embassy serve their own Tor Hidden Services with unique Tor addresses. The private keys used to create these addresses are generated on your phone or computer when you first set up the Embassy. No one, not even Start9, has any idea what your Tor addresses are, let alone the password(s) you choose to authenticate with them.
Can multiple Embassies be setup to run redundantly in physically separate locations?
------------------------------------------------------------------------------------
Soon (tm). Currently no, be we have plans for a feature that will enable Embassies to provide encrypted, automated backup services for one another.
How does the Embassy compare to other Bitcoin nodes or personal servers?
------------------------------------------------------------------------
The cheapest way to run a Bitcoin/Lightning node is to buy a Raspberry Pi (or equivalent), compile the software from source yourself, and host everything on Tor. This takes even technical people significant time to accomplish. On the other end of the spectrum is something like the Embassy, which "just works". In between is stuff like MyNode, Nodl, Dojo, Umbrel, and Raspiblitz, which all require some degree of command line effort and network configuration. The biggest benefit of the Embassy is that it is infinitely extensible to all of open-source, self-hosted software. The service listing will expand enormously over time in ways the other platforms cannot.
Would you consider (Umbrel, Nodl, Dojo, etc) a competitor to you guys, or are they different enough to be compatible?
---------------------------------------------------------------------------------------------------------------------
Other node devices are competitors, and there are distinct trade-offs to each platform, but we are definitely moving toward the same future, which is a win for everyone!
We are taking more a general approach to all of open-source, self-hosted software, including Bitcoin/Lightning. They are more Bitcoin/Lightning oriented.
Is a more powerful device in the works??
----------------------------------------
In the near future, the Embassy will move to more powerful hardware.
I heard on an old podcast that there will be an Embassy Two, to be launched in 2021. Is there an ETA on this?
--------------------------------------------------------------------------------------------------------------
Do not expect a new device in 2021, but we are always doing R&D.
Can I mine Bitcoin with this?
-----------------------------
No, you can not.
Does the Embassy only work over Tor? No http or VPN...??
--------------------------------------------------------
The Embassys current primary communication is Tor, yes. In many cases we use HTTP over Tor (they are not mutually exclusive), you can see this by navigating to the Tor address in a browser and see the “http” in front of it. A VPN is a feature were exploring as an alternative to Tor to make things faster without meaningfully impacting privacy. You can also connect directly via LAN if you are on the same network as your device.
What if someone gets physical access to my device, can they read the contents? Is it encrypted?
-----------------------------------------------------------------------------------------------
The device is currently not currently protected in that way. Someone with physical access to the device can get full access to everything on it.
Apps like Bitwarden however do not store plaintext information, so your passwords will not be compromised unless they know your master password.
Why http and not https for .onion websites?
-------------------------------------------
When visiting a Tor V3 URL (.onion website), your communications are end-to-end encrypted and onion-routed by default. There is no added benefit to using https.

95
source/support/FAQ/general-faq.rst Normal file
View File

@@ -0,0 +1,95 @@
*******
General
*******
What is Start9Labs?
-------------------
Start9Labs is a company based in Denver, CO that builds the Embassy and EmbassyOS.
What is the Embassy?
--------------------
The Embassy is a "shelf-top" computer built using a `Raspberry Pi <https://www.raspberrypi.org/products/raspberry-pi-4-model-b/>`_ for hardware and running EmbassyOS software.
The internet as we know it is organized into questioners, or clients, and answerers, or servers. When you open a mobile email app, say Gmail, the app (client) begins asking questions: "have I received new mail?", "what are my last 50 messages?", "what drafts am I in the midst of writing?", and so on. Your app's questions are sent to and heard by a Google-run server which then provides answers back to the client and are subsequently displayed to the screen.
The Embassy is exactly that: your very own "answerer", just like Google's, except managed simply and with ease by and for you alone.
In other words, it is a generalized private personal server capable of running all sorts of self hosted open source software.
When you see your credit card information on your banking app, your messages in your texting app, your passwords in your password management app, all of that information comes from somewhere in the cloud: some server run by some company somewhere on the planet. Who can see the data stored in that server? Who can edit it? It's not always clear, but the increasingly common practice of selling your data to advertisers and the high-profile cyber-security breaches of the last decade suggest a pessimistic outlook.
One thing is for certain though: if you control your server, then you control your data. Your finances, your communications, all of it is actually yours -- and only yours -- with an Embassy.
Why do I care?
--------------
As an example, let's talk about the password manager, Bitwarden. It may help convey the concept of a personal server. Currently, when you use Bitwarden, your passwords are stored on a physical device (aka server) owned and operated by the Bitwarden team. Your phone or laptop sends requests to their server when you want to do anything: create an account, create a new password, retrieve existing passwords, etc. Your passwords are stored on their device, encrypted with your Bitwarden password. They are the custodian of your passwords, similar to getting a safe deposit box at the bank. The bank keeps your valuables in their vault, presumably they don't know what's in the box, and any time you want access to your box, you ask the bank for permission. This is exactly how a hosted Bitwarden experience works, as well as just about everything on the internet. When you install Bitwarden on your Embassy, by contrast, it's like building your own safe deposit box in a private bunker whose location is only known to you and whose keys only you posses. You create an account with yourself, store your passwords with yourself, etc. You are your own custodian. This same concept can be applied to just about everything on the Internet, without losing the convenience of the custodial model, which is what we are out to accomplish. This may sound cool, or neat, but it is so much more than that. The custodial data model is amongst the greatest threats to human liberty the world has ever seen.
This `podcast <https://www.youtube.com/watch?v=aylDowaSdzU&t=270s>`_ may help expound upon why this is important.
How does the Embassy work?
--------------------------
The Embassy runs on the Raspberry Pi 4B hardware with a Cortex-a72 CPU, 4GB of RAM, and has 2.4ghz and 5.0ghz IEEE 802.11AC wireless capabilities and an internal speaker for audio feedback of system operations. It also features a high endurance MicroSD card, on which the operating system software is installed.
EmbassyOS is a stripped down version of Raspbian Buster Lite and handles all operations of your Embassy device. This core element of the technology stack is what enables you to set up, login, access your Embassys dashboard, and download and install services.
One of these operations is creating and managing Tor addresses, which are uniquely attributed to each service you download, as well as to the Embassy device itself. You can see your uniquely generated Tor address when you complete the setup process using the Setup App. This address is how you view your Embassys dashboard, which is actually just a website served up from your Embassy itself! It is authenticated, of course, so only you can access it.
You can connect to and manage your Embassy from any mobile device, desktop computer, or laptop computer. This is accomplished right through the browser by visiting your Embassy's private and unique URL.
Once on Embassy's web page, you can choose what services to install to the Embassy. Then, each installed service also receives its own private and unique URL, such that you can access it from the browser or any mobile app that supports using it as a backend.
The list of services will grow rapidly over the coming months, such that many things you currently do using cloud-based third party servers can be just as easily accomplished using your own personal cloud serving your own personal apps and storing your own private data. No trusted third parties at all.
What is EmbassyOS?
------------------
EmbassyOS is a new kind of Operating System (OS). It is built from the ground up to allow anyone to easily run their own cloud, become independent from Big Tech, and own their own data. EmbassyOS allows anyone to easily self-host their own software services.
EmbassyOS is a custom-built Linux distribution, which is a stripped down and beefed up version of `Raspbian Buster Lite OS <https://www.raspberrypi.org/software/operating-systems/>`_, along with a suite of software tools which make it easy to:
* Install, uninstall, and upgrade services from the custom Marketplace (similar to your phone's app store)
* Manage and run services that YOU control
* Upgrade your Embassy software with the latest features and security updates
* Backup services, and restore from backups if needed
Start9 Labs augmented the original Raspbian OS to include:
* a custom application management layer, specialized for installing, running, and backing up .s9pk packaged services
* a layer responsible for Embassy specific operations, such as Tor, Backups, and Notifications
The .s9pk extension is Start9 Labs' custom package format based on tar. It encompasses the necessary components to compress, host, and install a service on the marketplace.
What are EmbassyOS Services?
----------------------------
A Service can be any piece of software added to the Marketplace. All services are "self-hosted," meaning that you are in complete control of your data. This means you can run your own "cloud!" Learn more about managing services :ref:`here <managing-services>` and see our currently :ref:`Available Services <available-services>`.
Does the Embassy ship worldwide?
--------------------------------
Yes.
Does the Embassy have international electrical plugs?
-----------------------------------------------------
Power supplies for EU, AU, US, and UK are available.
Is the power supply that comes with Embassy 220v compatible?
------------------------------------------------------------
Yes.
How does pricing work for EmbassyOS? Are you targeting a specific USD price?
-----------------------------------------------------------------------------
The price is changed every 2016 blocks, which occurs about every 14 days. And no, the intent is not to tie EmbassyOS to a USD value, though at the moment USD is a convenient proxy for real purchasing power.
What are you using for a store backend? Do you store my data?
--------------------------------------------------------------
Here is our exact situation currently:
Embassy device sales are processed through Shopify, which we do not like, but it was expedient in the early days, especially for shipping, so we went with it. Aside from a master list of email addresses for those who have explicitly opted in to our mailing list, all customer data is contained within Shopify. We do not duplicate it anywhere. We are asking Shopify to delete our customer data, but they claim it will take upward of 3 months to comply and we of course have no guarantee the data will actually be deleted permanently. This is partly why we exist...as such, we will be moving off of Shopify and onto a self-hosted solution, where Start9 alone controls our customer data for Embassy purchases, which we will delete as a matter of policy following a short grace period after delivery.
For EmbassyOS sales, we took the maximally private approach right out of the gate. When you buy EmbassyOS, the only thing we need is an email address, and you can only pay with bitcoin. That's it. Then, unless you have explicitly requested that we keep your email for mailing list purposes, we delete the email immediately upon transaction completion.
So...in summary: (1) the shipping data we currently have is stored in Shopify (2) we are asking Shopify to delete all our customer data (3) we will be migrating off of Shopify (4) going forward, we alone will control customer data and will purge it regularly (5) you can always assemble the hardware yourself and just buy EmbassyOS from us with bitcoin, which only requires an email, which is gets purged immediately.
I want to help, but I'm not a developer. Are there any ways for non-coders to contribute?
------------------------------------------------------------------------------------------
1. Shill it to everyone and create awareness
2. Answer questions from new users in the community channels
3. Make tutorial videos
4. Write instruction manuals or commit to the docs

15
source/support/FAQ/index.rst Normal file
View File

@@ -0,0 +1,15 @@
**************************
Frequently Asked Questions
**************************
A collection of common questions and concerns from our community.
.. toctree::
:maxdepth: 1
general-faq
embassy-faq
usage-faq
setup-faq
services-faq
bitcoin-faq

57
source/support/FAQ/services-faq.rst Normal file
View File

@@ -0,0 +1,57 @@
********
Services
********
My Embassy is set up, now what?
-------------------------------
You can now access your Embassy and find the Services you want from the "Marketplace" tab, then clicking "Install." The Service will let you know if you need any "dependencies," or pre-requisite Services, first. After you have a Service installed, don't forget to "Start" the service.
What if I cannot connect to a Service?
--------------------------------------
Please make sure the service is started by viewing it in the Services tab in the Embassy dashboard menu. A green indicator bar should be visible.
Can it be used as a firewall?
-----------------------------
Potentially. The PiHole service is on the roadmap.
Will there be a VPN?
--------------------
We are looking into adding as a Wireguard service for VPN access when you are not home. A client-to-client VPN may also be possible.
Can the Embassy run 'X' Service??
---------------------------------
Potentially. `Here <https://github.com/awesome-selfhosted/awesome-selfhosted>`_ is a comprehensive list of self-hosted services, any of which can theoretically make it to the Embassy one day.
If you are interested in packaging a service up for the Embassy, which does not require extensive development skills, please see our guide :ref:`here <service_package_overview>`.
We are aggressively moving away from service development in favor of a more community driven approach. Meaning you, an app development team, or anyone else on Earth, can bring the Service they want to the Embassy Marketplace. You don't need our permission.
Is the Embassy a Tor relay node?
--------------------------------
No, currently it is not, but we plan to add that functionality in the future.
Are files on File browser encrypted on disk?
--------------------------------------------
No, not currently.
Can I use my CUPS instance with other people? How does that work?
-----------------------------------------------------------------
Cups does not have multiple accounts support. Each person would need their own Embassy. We are considering adding multi-account support to Cups, but it's just not a priority at the moment.
Is the embassy able to connect to Sphinxchat?
---------------------------------------------
Maybe, but we are also planning to add Sphinxchat to the Embassy directly.
Can the browser extension be used with Bitwarden hosted on the embassy?
-----------------------------------------------------------------------
Yes, but only in a tor-enabled browser. Just add your .onion address as the server in the extension.
I don't see an answer to my question regarding a certain service. Is there more documentation?
-----------------------------------------------------------------------------------------------
While we are intent on providing the most friendly experience possible to our customers, ultimately it will be impossible for Start9 to create documentation and tutorials for every service we make available on the Embassy. Each service *should* have its own documentation produced by the service developers themselves, and we will do our best keep track, consolidate, and link to it. Also, much of the reason good tutorials don't exist is simply because no one in the community has taken the time to produce it. If you come across something useful or write something up yourself, please let us know and we will promote it. Otherwise we will do our best to answer questions as they arise and gradually build out tutorials where they are lacking.
I want to understand in depth how a Service works and it's available configuration options. Where can I go to learn more?
--------------------------------------------------------------------------------------------------------------------------
Depending on the app, the config options can be quite involved. Bitcoin Core, for example, has an enormous amount of complex options, almost none of which are useful to a normal user doing normal things. We chose some very sane defaults that should work for normal use cases. Here is an example config from the Bitcoin `GitHub <https://github.com/bitcoin/bitcoin/blob/master/share/examples/bitcoin.conf>`.
By reading the descriptions in the link above, as well as doing some extra searching on your favorite search engine, you can begin to discover all the crazy ways in which someone can customize their Bitcoin node. Here is another list of `possible options <https://en.bitcoinwiki.org/wiki/Running_Bitcoind>`_.
We translated much of (but not all of) the tons of options into a clean and easy-to-use GUI with toggles, dropdowns, inputs, etc, which is what you're seeing in your config screen. If you notice the little "?" icons on the left of each option, clicking them will provide a brief description as to what the option does. Also, our config GUI restricts the possible values you can enter such that you don't accidentally crash Bitcoin. That said, be very careful about just randomly changing things, lest your node starts to behave strangely.

39
source/support/FAQ/setup-faq.rst Normal file
View File

@@ -0,0 +1,39 @@
*************************
Setup and Troubleshooting
*************************
What do I do first?
-------------------
Simply plug the device into power and internet, typically from your home internet router. That's it! After this, get the :ref:`Setup App <initial-setup>`, and follow the instructions.
How do I know if my Embassy is running?
---------------------------------------
After plugging into power and internet, you will hear 2 distinct sounds: first, a “bep” indicating the device is powering on, and second, a “chime” indicating the device is ready for setup.
What if I can't connect to my Embassy?
--------------------------------------
Please ensure your phone / computer is connected to the same wired or wireless network as your Embassy. Be careful that you are not on a separate or "guest" network.
Why do I need the Bonjour service (Windows only)?
-------------------------------------------------
Because a major use case of Bonjour is wireless printing over the LAN, but your Windows machine can also use Bonjour to discover and connect with other devices on the LAN. In this case the Embassy.
My Tor sites aren't loading, what should I do?
----------------------------------------------
This is most likely a transient networking issue that will correct itself in a few minutes to an hour. If it does not, there are few things you can try:
1. On Android/Orbot, the most common solution is to restart your Android device.
2. Access your Embassy over :ref:`LAN <ssl-setup>` and restart it from the "Embassy" menu.
3. Restart your router.
What if I have an unique network issue, for example, with a firewall?
---------------------------------------------------------------------
The Embassy is designed to work as simply as possible, for as many as possible, while providing the ability to self-host in a private manner. If you have an agressive or custom firewall, or other custom network settings, there is a good chance that addtional configuration may be necessary. We will continue to learn about custom networking issues, update our docs with resources, and help in the community :ref:`channels <contact>` to the best of our ability.
Can I use the Embassy from behind a VPN, for example, if my router has a built-in VPN?
--------------------------------------------------------------------------------------
While this is possible, it adds complexity, which may lead to problems. You will need to understand the setup of your router/VPN and how it supports (or doesn't support) tor connections.
If you are having trouble with this, you might consider letting the Embassy out "in the clear," since everything is broadcast exclusively across the Tor network, offering a high level of privacy.

61
source/support/FAQ/usage-faq.rst Normal file
View File

@@ -0,0 +1,61 @@
***********
Basic Usage
***********
Is it easy to use?
------------------
Yes! The Embassy is designed to be plugged into power and internet, and after a short setup, is immediately ready to use. Getting services is as easy as getting apps for a smartphone.
So I can run my own cloud?
--------------------------
Yes! No special skills or knowledge are required to host all your own services and replace those previously thought "necessary" for modern digital life.
Can I run multiple Embassies?
-----------------------------
Yes, but there is currently no way to synchronize or federate them. We are working on ways to make this possible in the future.
What if I forget my Embassy password?
-------------------------------------
Check out the `docs < https://docs.start9labs.com/user-manual/general/forgot-password.html>` on forgot password, and let us know if you have any additional questions. All your services and data will remain.
Can I move my Embassy to another location? What happens when I do this?
------------------------------------------------------------------------
Yes, you can move the Embassy to another network. Your service tor addresses will remain the same.
Whats the advantage of using the .local address over the .onion address?
-------------------------------------------------------------------------
If you are in your home network it is both faster and more private since the connection never leaves your household. The downside is that it wont work if youre on the go.
Is the software Open Source?
----------------------------
Yes! EmbassyOS is open sourced under the `Start9 Personal Use License <https://start9labs.com/license>`_. Some of our other projects are currently open sourced under MIT. You can find these in the Start9 Labs `GitHub repository <https://github.com/Start9Labs>`_.
Is there a product warranty?
----------------------------
Yes! Start9 commits, to the best of our ability, to serving each beta Embassy product released until the wild. We will resolve any issue encountered with our provided hardware or software in a personalized matter. We strive to provide highly available, quality customer service.
Can you tell me about the License?
----------------------------------
EmbassyOS is published under our own Start9 Non-Commercial License, which has similar properties to many open source licenses with the exception that users cannot in any way, either through products or services, commercialize the source code, and any changes to the code or derivative works of the code are treated in the same manner. This means people will be welcome to access the source code, download it, use it, run it, fork it, change it, improve it - whatever they want - except sell it or sell services related to it.
I run a business, can I use an Embassy for tasks such as password management and file sharing?
----------------------------------------------------------------------------------------------
Absolutely. An Embassy would be a great addition to any business as it is easy to use and provides services that you control, with no subscription fees.
With the addition of `BTCPay Server <https://btcpayserver.org/>`_, you can even run your own payment processor and accept cryptocurrency payments with no third party necessary!
Can I have multiple users on my Embassy?
----------------------------------------
Currently, the Embassy itself is designed to for a single user. There is no way to grant others access to your Embassy without sharing your personal, master password, which is not recommended. There are certain services, however, such as Bitwarden, File Browser, and Mastodon, that absolutely support multiple users (aka multi-tenancy, aka uncle Jim model) where people who trust you can create their own, personal accounts for these services on your Embassy. Just remind them that they are trusting you with their data, and that it might be preferable for them to take the final leap of self-sovereignty and get an Embassy of their own.
Why would I even buy this when I can just build it for free??
-------------------------------------------------------------
(1) White glove support. Because each Embassy comes with a unique product key engraved on it, and we have a record of all product keys ever, we can ask the user to verify their product key in order to receive a higher tier of support, such as phone calls.
(2) Supporting the project. Buying an Embassy from Start9 is your way of supporting the development of the project. And it's not just out of gratitude, but rather, a recognition that if the project isn't funded, the cool software stops coming.
(3) Convenience. This is the big one. It's true, some people will choose to use the software without buying an Embassy, but most will not. Very few people on Earth are comfortable using the command line, compiling code, and configuring an OS. Furthermore, hardware is necessary. Sure, some people already have a Raspberry Pi, and others may try to re-purpose an old laptop, but many people would be choosing between buying the Embassy hardware components themselves and assembling vs buying pre-assembled at a reasonable markup. And it's not just a pi, the Ambassador utilizes audio feedback, so a speaker is necessary too. Finally, due to the product key aspect, we can gate certain features of our hosted Service Marketplace. As in, if you buy an Embassy from us, certain services may be free, whereas they may be charged if you don't buy from us. Nothing stops a user from getting the service themselves from elsewhere, but again, convenience.
Bottom line...We are charging a very marginal rate for something incredibly powerful, and we think the convenience of a plug-and-play device, free service marketplace, and free white glove support is where the money is. Anyone could build their own couches too, but here is a reason furniture stores exist. How much is your time worth?
The fastest way to get support is via our `Telegram <https://t.me/start9_labs>`_ or `Matrix <https://matrix.to/#/!lMnRwPWnyQvOfAoEnD:matrix.start9labs.com>`_ channels. You can also `email us <support@start9labs.com>`_. Please do not hesitate to reach out!

415
source/support/faq.rst
View File

@@ -1,415 +0,0 @@
.. _faq:
***
FAQ
***
=======
General
=======
What is Start9Labs?
-------------------
Start9Labs is a company based in Denver, CO that builds the Embassy and EmbassyOS.
What is the Embassy?
--------------------
The Embassy is a "shelf-top" computer built using a `Raspberry Pi <https://www.raspberrypi.org/products/raspberry-pi-4-model-b/>`_ for hardware and running EmbassyOS software.
The internet as we know it is organized into questioners, or clients, and answerers, or servers. When you open a mobile email app, say Gmail, the app (client) begins asking questions: "have I received new mail?", "what are my last 50 messages?", "what drafts am I in the midst of writing?", and so on. Your app's questions are sent to and heard by a Google-run server which then provides answers back to the client and are subsequently displayed to the screen.
The Embassy is exactly that: your very own "answerer", just like Google's, except managed simply and with ease by and for you alone.
In other words, it is a generalized private personal server capable of running all sorts of self hosted open source software.
When you see your credit card information on your banking app, your messages in your texting app, your passwords in your password management app, all of that information comes from somewhere in the cloud: some server run by some company somewhere on the planet. Who can see the data stored in that server? Who can edit it? It's not always clear, but the increasingly common practice of selling your data to advertisers and the high-profile cyber-security breaches of the last decade suggest a pessimistic outlook.
One thing is for certain though: if you control your server, then you control your data. Your finances, your communications, all of it is actually yours -- and only yours -- with an Embassy.
Why do I care?
--------------
As an example, let's talk about the password manager, Bitwarden. It may help convey the concept of a personal server. Currently, when you use Bitwarden, your passwords are stored on a physical device (aka server) owned and operated by the Bitwarden team. Your phone or laptop sends requests to their server when you want to do anything: create an account, create a new password, retrieve existing passwords, etc. Your passwords are stored on their device, encrypted with your Bitwarden password. They are the custodian of your passwords, similar to getting a safe deposit box at the bank. The bank keeps your valuables in their vault, presumably they don't know what's in the box, and any time you want access to your box, you ask the bank for permission. This is exactly how a hosted Bitwarden experience works, as well as just about everything on the internet. When you install Bitwarden on your Embassy, by contrast, it's like building your own safe deposit box in a private bunker whose location is only known to you and whose keys only you posses. You create an account with yourself, store your passwords with yourself, etc. You are your own custodian. This same concept can be applied to just about everything on the Internet, without losing the convenience of the custodial model, which is what we are out to accomplish. This may sound cool, or neat, but it is so much more than that. The custodial data model is amongst the greatest threats to human liberty the world has ever seen.
How does the Embassy work?
--------------------------
The Embassy runs on the Raspberry Pi 4B hardware with a Cortex-a72 CPU, 4GB of RAM, and has 2.4ghz and 5.0ghz IEEE 802.11AC wireless capabilities and an internal speaker for audio feedback of system operations. It also features a high endurance MicroSD card, on which the operating system software is installed.
EmbassyOS is a stripped down version of Raspbian Buster Lite and handles all operations of your Embassy device. This core element of the technology stack is what enables you to set up, login, access your Embassys dashboard, and download and install services.
One of these operations is creating and managing Tor addresses, which are uniquely attributed to each service you download, as well as to the Embassy device itself. You can see your uniquely generated Tor address when you complete the setup process using the Setup App. This address is how you view your Embassys dashboard, which is actually just a website served up from your Embassy itself! It is authenticated, of course, so only you can access it.
You can connect to and manage your Embassy from any mobile device, desktop computer, or laptop computer. This is accomplished right through the browser by visiting your Embassy's private and unique URL.
Once on Embassy's web page, you can choose what services to install to the Embassy. Then, each installed service also receives its own private and unique URL, such that you can access it from the browser or any mobile app that supports using it as a backend.
The list of services will grow rapidly over the coming months, such that many things you currently do using cloud-based third party servers can be just as easily accomplished using your own personal cloud serving your own personal apps and storing your own private data. No trusted third parties at all.
What is EmbassyOS?
------------------
EmbassyOS is a new kind of Operating System (OS). It is built from the ground up to allow anyone to easily run their own cloud, become independent from Big Tech, and own their own data. EmbassyOS allows anyone to easily self-host their own software services.
EmbassyOS is a custom-built Linux distribution, which is a stripped down and beefed up version of `Raspbian Buster Lite OS <https://www.raspberrypi.org/software/operating-systems/>`_, along with a suite of software tools which make it easy to:
* Install, uninstall, and upgrade services from the custom Marketplace (similar to your phone's app store)
* Manage and run services that YOU control
* Upgrade your Embassy software with the latest features and security updates
* Backup services, and restore from backups if needed
Start9 Labs augmented the original Raspbian OS to include:
* a custom application management layer, specialized for installing, running, and backing up .s9pk packaged services
* a layer responsible for Embassy specific operations, such as Tor, Backups, and Notifications
The .s9pk extension is Start9 Labs' custom package format based on tar. It encompasses the necessary components to compress, host, and install a service on the marketplace.
What are EmbassyOS Services?
----------------------------
A Service can be any piece of software added to the Marketplace. All services are "self-hosted," meaning that you are in complete control of your data. This means you can run your own "cloud!" Learn more about managing services :ref:`here <managing-services>` and see our currently :ref:`Available Services <available-services>`.
Does the Embassy ship worldwide?
--------------------------------
Yes.
Does the Embassy have international electrical plugs?
-----------------------------------------------------
Power supplies for EU, AU, US, and UK are available.
Is the power supply that comes with Embassy 220v compatible?
------------------------------------------------------------
Yes.
How does pricing work for EmbassyOS? Are you targeting a specific USD price?
-----------------------------------------------------------------------------
The price is changed every 2016 blocks, which occurs about every 14 days. And no, the intent is not to tie EmbassyOS to a USD value, though at the moment USD is a convenient proxy for real purchasing power.
What are you using for a store backend? Do you store my data?
--------------------------------------------------------------
Here is our exact situation currently:
Embassy device sales are processed through Shopify, which we do not like, but it was expedient in the early days, especially for shipping, so we went with it. Aside from a master list of email addresses for those who have explicitly opted in to our mailing list, all customer data is contained within Shopify. We do not duplicate it anywhere. We are asking Shopify to delete our customer data, but they claim it will take upward of 3 months to comply and we of course have no guarantee the data will actually be deleted permanently. This is partly why we exist...as such, we will be moving off of Shopify and onto a self-hosted solution, where Start9 alone controls our customer data for Embassy purchases, which we will delete as a matter of policy following a short grace period after delivery.
For EmbassyOS sales, we took the maximally private approach right out of the gate. When you buy EmbassyOS, the only thing we need is an email address, and you can only pay with bitcoin. That's it. Then, unless you have explicitly requested that we keep your email for mailing list purposes, we delete the email immediately upon transaction completion.
So...in summary: (1) the shipping data we currently have is stored in Shopify (2) we are asking Shopify to delete all our customer data (3) we will be migrating off of Shopify (4) going forward, we alone will control customer data and will purge it regularly (5) you can always assemble the hardware yourself and just buy EmbassyOS from us with bitcoin, which only requires an email, which is gets purged immediately.
I want to help, but I'm not a developer. Are there any ways for non-coders to contribute?
------------------------------------------------------------------------------------------
1. Shill it to everyone and create awareness
2. Answer questions from new users in the community channels
3. Make tutorial videos
4. Write instruction manuals or commit to the docs
===========
Basic Usage
===========
Is it easy to use?
------------------
Yes! The Embassy is designed to be plugged into power and internet, and after a short setup, is immediately ready to use. Getting services is as easy as getting apps for a smartphone.
So I can run my own cloud?
--------------------------
Yes! No special skills or knowledge are required to host all your own services and replace those previously thought "necessary" for modern digital life.
Can I run multiple Embassies?
-----------------------------
Yes, but there is currently no way to synchronize or federate them. We are working on ways to make this possible in the future.
What if I forget my Embassy password?
-------------------------------------
Check out the `docs < https://docs.start9labs.com/user-manual/general/forgot-password.html>` on forgot password, and let us know if you have any additional questions. All your services and data will remain.
Can I move my Embassy to another location? What happens when I do this?
------------------------------------------------------------------------
Yes, you can move the Embassy to another network. Your service tor addresses will remain the same.
Whats the advantage of using the .local address over the .onion address?
-------------------------------------------------------------------------
If you are in your home network it is both faster and more private since the connection never leaves your household. The downside is that it wont work if youre on the go.
Is the software Open Source?
----------------------------
Yes! EmbassyOS is open sourced under the `Start9 Personal Use License <https://start9labs.com/license>`_. Some of our other projects are currently open sourced under MIT. You can find these in the Start9 Labs `GitHub repository <https://github.com/Start9Labs>`_.
Is there a product warranty?
----------------------------
Yes! Start9 commits, to the best of our ability, to serving each beta Embassy product released until the wild. We will resolve any issue encountered with our provided hardware or software in a personalized matter. We strive to provide highly available, quality customer service.
Can you tell me about the License?
----------------------------------
EmbassyOS is published under our own Start9 Non-Commercial License, which has similar properties to many open source licenses with the exception that users cannot in any way, either through products or services, commercialize the source code, and any changes to the code or derivative works of the code are treated in the same manner. This means people will be welcome to access the source code, download it, use it, run it, fork it, change it, improve it - whatever they want - except sell it or sell services related to it.
I run a business, can I use an Embassy for tasks such as password management and file sharing?
----------------------------------------------------------------------------------------------
Absolutely. An Embassy would be a great addition to any business as it is easy to use and provides services that you control, with no subscription fees.
With the addition of `BTCPay Server <https://btcpayserver.org/>`_, you can even run your own payment processor and accept cryptocurrency payments with no third party necessary!
Can I have multiple users on my Embassy?
----------------------------------------
Currently, the Embassy itself is designed to for a single user. There is no way to grant others access to your Embassy without sharing your personal, master password, which is not recommended. There are certain services, however, such as Bitwarden, File Browser, and Mastodon, that absolutely support multiple users (aka multi-tenancy, aka uncle Jim model) where people who trust you can create their own, personal accounts for these services on your Embassy. Just remind them that they are trusting you with their data, and that it might be preferable for them to take the final leap of self-sovereignty and get an Embassy of their own.
Why would I even buy this when I can just build it for free??
-------------------------------------------------------------
(1) White glove support. Because each Embassy comes with a unique product key engraved on it, and we have a record of all product keys ever, we can ask the user to verify their product key in order to receive a higher tier of support, such as phone calls.
(2) Supporting the project. Buying an Embassy from Start9 is your way of supporting the development of the project. And it's not just out of gratitude, but rather, a recognition that if the project isn't funded, the cool software stops coming.
(3) Convenience. This is the big one. It's true, some people will choose to use the software without buying an Embassy, but most will not. Very few people on Earth are comfortable using the command line, compiling code, and configuring an OS. Furthermore, hardware is necessary. Sure, some people already have a Raspberry Pi, and others may try to re-purpose an old laptop, but many people would be choosing between buying the Embassy hardware components themselves and assembling vs buying pre-assembled at a reasonable markup. And it's not just a pi, the Ambassador utilizes audio feedback, so a speaker is necessary too. Finally, due to the product key aspect, we can gate certain features of our hosted Service Marketplace. As in, if you buy an Embassy from us, certain services may be free, whereas they may be charged if you don't buy from us. Nothing stops a user from getting the service themselves from elsewhere, but again, convenience.
Bottom line...We are charging a very marginal rate for something incredibly powerful, and we think the convenience of a plug-and-play device, free service marketplace, and free white glove support is where the money is. Anyone could build their own couches too, but here is a reason furniture stores exist. How much is your time worth?
The fastest way to get support is via our `Telegram <https://t.me/start9_labs>`_ or `Matrix <https://matrix.to/#/!lMnRwPWnyQvOfAoEnD:matrix.start9labs.com>`_ channels. You can also `email us <support@start9labs.com>`_. Please do not hesitate to reach out!
=============================
Embassy (Device, OS, and DIY)
=============================
Can I run EmbassyOS on a VPS or VM?
-----------------------------------
Maybe, but we advise against this. It is designed to be used on a RaspberryPi.
Is it possible to use the EmbassyOS on my own hardware?
-------------------------------------------------------
Yes! The :ref:`diy guide <diy>` will take you through the setup steps. This option is great for people who already own the necessary hardware or who live outside the US and want to save on shipping and customs fees.
Additionally, EmbassyOS is available to build from source under the Start9 Personal Use License. If you have the time and energy, it is possible to download and compile EmbassyOS yourself, for free, with the caveat that your “Embassy” will not have a product key generated by us. This means you will miss out on the perks that come along with purchasing from us, which will grow over time.
Do I plug the Embassy into my computer?
---------------------------------------
No. The Embassy only needs to be plugged into power and internet, just like your router. You can set it up right by your router and forget about it.
How much storage does the Embassy have?
---------------------------------------
Currently, the Embassy ships with a 128gb of storage.
Are my Internet requests anonymous and secure?
----------------------------------------------
EmbassyOS and every service on the Embassy serve their own Tor Hidden Services with unique Tor addresses. The private keys used to create these addresses are generated on your phone or computer when you first set up the Embassy. No one, not even Start9, has any idea what your Tor addresses are, let alone the password(s) you choose to authenticate with them.
Can multiple Embassies be setup to run redundantly in physically separate locations?
------------------------------------------------------------------------------------
Soon (tm). Currently no, be we have plans for a feature that will enable Embassies to provide encrypted, automated backup services for one another.
How does the Embassy compare to other Bitcoin nodes or personal servers?
------------------------------------------------------------------------
The cheapest way to run a Bitcoin/Lightning node is to buy a Raspberry Pi (or equivalent), compile the software from source yourself, and host everything on Tor. This takes even technical people significant time to accomplish. On the other end of the spectrum is something like the Embassy, which "just works". In between is stuff like MyNode, Nodl, Dojo, Umbrel, and Raspiblitz, which all require some degree of command line effort and network configuration. The biggest benefit of the Embassy is that it is infinitely extensible to all of open-source, self-hosted software. The service listing will expand enormously over time in ways the other platforms cannot.
Would you consider (Umbrel, Nodl, Dojo, etc) a competitor to you guys, or are they different enough to be compatible?
---------------------------------------------------------------------------------------------------------------------
Other node devices are competitors, and there are distinct trade-offs to each platform, but we are definitely moving toward the same future, which is a win for everyone!
We are taking more a general approach to all of open-source, self-hosted software, including Bitcoin/Lightning. They are more Bitcoin/Lightning oriented.
Is a more powerful device in the works??
----------------------------------------
In the near future, the Embassy will move to more powerful hardware.
I heard on an old podcast that there will be an Embassy Two, to be launched in 2021. Is there an ETA on this?
--------------------------------------------------------------------------------------------------------------
Do not expect a new device in 2021, but we are always doing R&D.
Can I mine Bitcoin with this?
-----------------------------
No, you can not.
Does the Embassy only work over Tor? No http or VPN...??
--------------------------------------------------------
The Embassys current primary communication is Tor, yes. In many cases we use HTTP over Tor (they are not mutually exclusive), you can see this by navigating to the Tor address in a browser and see the “http” in front of it. A VPN is a feature were exploring as an alternative to Tor to make things faster without meaningfully impacting privacy. You can also connect directly via LAN if you are on the same network as your device.
What if someone gets physical access to my device, can they read the contents? Is it encrypted?
-----------------------------------------------------------------------------------------------
The device is currently not currently protected in that way. Someone with physical access to the device can get full access to everything on it.
Apps like Bitwarden however do not store plaintext information, so your passwords will not be compromised unless they know your master password.
Why http and not https for .onion websites?
-------------------------------------------
When visiting a Tor V3 URL (.onion website), your communications are end-to-end encrypted and onion-routed by default. There is no added benefit to using https.
=========================
Setup and Troubleshooting
=========================
What do I do first?
-------------------
Simply plug the device into power and internet, typically from your home internet router. That's it! After this, get the :ref:`Setup App <initial-setup>`, and follow the instructions.
How do I know if my Embassy is running?
---------------------------------------
After plugging into power and internet, you will hear 2 distinct sounds: first, a “bep” indicating the device is powering on, and second, a “chime” indicating the device is ready for setup.
What if I can't connect to my Embassy?
--------------------------------------
Please ensure your phone / computer is connected to the same wired or wireless network as your Embassy. Be careful that you are not on a separate or "guest" network.
Can I use the Embassy from behind a VPN, for example, if my router has a built-in VPN?
--------------------------------------------------------------------------------------
While this is possible, it adds complexity, which may lead to problems. You will need to understand the setup of your router/VPN and how it supports (or doesn't support) tor connections.
If you are having trouble with this, you might consider letting the Embassy out "in the clear," since everything is broadcast exclusively across the Tor network, offering a high level of privacy.
========
Services
========
My Embassy is set up, now what?
-------------------------------
You can now access your Embassy and find the Services you want from the "Marketplace" tab, then clicking "Install." The Service will let you know if you need any "dependencies," or pre-requisite Services, first. After you have a Service installed, don't forget to "Start" the service.
What if I cannot connect to a Service?
--------------------------------------
Please make sure the service is started by viewing it in the Services tab in the Embassy dashboard menu. A green indicator bar should be visible.
Can it be used as a firewall?
-----------------------------
Potentially. The PiHole service is on the roadmap.
Will there be a VPN?
--------------------
We are looking into adding as a Wireguard service for VPN access when you are not home. A client-to-client VPN may also be possible.
Can the Embassy run 'X' Service??
---------------------------------
Potentially. `Here <https://github.com/awesome-selfhosted/awesome-selfhosted>`_ is a comprehensive list of self-hosted services, any of which can theoretically make it to the Embassy one day.
If you are interested in packaging a service up for the Embassy, which does not require extensive development skills, please see our guide :ref:`here <service_package_overview>`.
We are aggressively moving away from service development in favor of a more community driven approach. Meaning you, an app development team, or anyone else on Earth, can bring the Service they want to the Embassy Marketplace. You don't need our permission.
Is the Embassy a Tor relay node?
--------------------------------
No, currently it is not, but we plan to add that functionality in the future.
Are files on File browser encrypted on disk?
--------------------------------------------
No, not currently.
Can I use my CUPS instance with other people? How does that work?
-----------------------------------------------------------------
Cups does not have multiple accounts support. Each person would need their own Embassy. We are considering adding multi-account support to Cups, but it's just not a priority at the moment.
Is the embassy able to connect to Sphinxchat?
---------------------------------------------
Maybe, but we are also planning to add Sphinxchat to the Embassy directly.
Can the browser extension be used with Bitwarden hosted on the embassy?
-----------------------------------------------------------------------
Yes, but only in a tor-enabled browser. Just add your .onion address as the server in the extension.
I don't see an answer to my question regarding a certain service. Is there more documentation?
-----------------------------------------------------------------------------------------------
While we are intent on providing the most friendly experience possible to our customers, ultimately it will be impossible for Start9 to create documentation and tutorials for every service we make available on the Embassy. Each service *should* have its own documentation produced by the service developers themselves, and we will do our best keep track, consolidate, and link to it. Also, much of the reason good tutorials don't exist is simply because no one in the community has taken the time to produce it. If you come across something useful or write something up yourself, please let us know and we will promote it. Otherwise we will do our best to answer questions as they arise and gradually build out tutorials where they are lacking.
I want to understand in depth how a Service works and it's available configuration options. Where can I go to learn more?
--------------------------------------------------------------------------------------------------------------------------
Depending on the app, the config options can be quite involved. Bitcoin Core, for example, has an enormous amount of complex options, almost none of which are useful to a normal user doing normal things. We chose some very sane defaults that should work for normal use cases. Here is an example config from the Bitcoin `GitHub <https://github.com/bitcoin/bitcoin/blob/master/share/examples/bitcoin.conf>`.
By reading the descriptions in the link above, as well as doing some extra searching on your favorite search engine, you can begin to discover all the crazy ways in which someone can customize their Bitcoin node. Here is another list of `possible options <https://en.bitcoinwiki.org/wiki/Running_Bitcoind>`_.
We translated much of (but not all of) the tons of options into a clean and easy-to-use GUI with toggles, dropdowns, inputs, etc, which is what you're seeing in your config screen. If you notice the little "?" icons on the left of each option, clicking them will provide a brief description as to what the option does. Also, our config GUI restricts the possible values you can enter such that you don't accidentally crash Bitcoin. That said, be very careful about just randomly changing things, lest your node starts to behave strangely.
=============================
Bitcoin and Lightning Network
=============================
Why does the Bitcoin service take so long to be ready?
------------------------------------------------------
On first install, the Bitcoin service must verify the entire history of transactions in order to verify transactions going forward. This can take approximately a week depending on your internet connection. You can continue to use the Embassy normally in the meantime.
You can learn more about the Initial Block Download in `this video <https://www.youtube.com/watch?v=OrYDehC-8TU>`_.
Can the IBD (Initial Block Download) be made faster? Or can wait times be improved?
------------------------------------------------------------------------------------
We have some work planned to improve the wait times, which we think is the better way to deal with painful sync times without sacrificing the trust minimization.
I'm getting this error: unable to connect to bitcoind: -28: Loading block index... What do I do?
------------------------------------------------------------------------------------------------
The block index error is normal and goes away after the Bitcoin blockchain has synced. If you have completed the Initial Blockchain Download (IBD), this will be a few minutes at most.
Does the Embassy run a full archival Bitcoin node?
--------------------------------------------------
The Embassy runs a full node, but does not run a full *archival* node, it's pruned. This means it does not store the entire Blockchain. As it syncs, it discards blocks and transactions it does not need.
It is fully validating and verifying consensus all the way from Genesis. Really, the only reason to store the entire Blockchain is if you want to run a block explorer. Learn more here: :ref:`node`.
What actions, specifically, are only possible with an archival, or unpruned node?
-----------------------------------------------------------------------------------
The more sophisticated the blockchain analysis being done is, the more index data is required, which will increase the system resources required. For example, if you wanted to run a block explorer, you would require not only a full archival node, but also a full transaction index.
Is it insecure to run a pruned node?
------------------------------------
As a user, pruned nodes and archival nodes provide you the same security. In a larger sense, if 100% of people ran pruned nodes, the security of the network could be in dire circumstances and be put at risk if no nodes kept history, as then no one could bootstrap new nodes. The reality however, is that most Embassy owners are new node operators, so there is no net systemic risk introduced.
Why would I want to run a lightning node?
-----------------------------------------
The Lightning Network (LN) is a second 'layer,' built on top of the Bitcoin Protocol. As a result all transactions on LN are backed up by the full security of the Bitcoin network. Lightning is designed for instant payments between nodes, but similar to running a Bitcoin node, running your own is the only way to be sovereign. When you have your own node, you will have the convenience of linking a Lightning wallet, for use on the go. It is also possible to earn an income (granted a very small one at this time), if you are willing to learn how to become a 'routing node.'
I opened a Lightning channel, but my local balance is lower than I expected. Where is the remainder?
-----------------------------------------------------------------------------------------------------
A fee to close the channel (onchain) is set aside at opening.
How is that fee estimation calculated?
--------------------------------------
The commitment fees are automatically negotiated every few blocks with your peer. They are on chain txs like all channel closes but they are not broadcast until you attempt to close the channel.
What would happen if I shut down an Embassy that is running a Lightning node with open channels?
------------------------------------------------------------------------------------------------
It is REALLY IMPORTANT that people understand that if they shut off their Lightning services for long periods of time (days on end) it is possible for your peers to cheat you out of money. If you are not prepared to LOSE ALL THE MONEY IN YOUR CHANNELS, KEEP YOUR NODE RUNNING.
That said, malicious actors on the network right now are probably sparse, however you are still open to that risk if you do not keep your node online.
Is there a solution to this?
----------------------------
Yes, the concept of a Watchtower was originally conceptualized in the LN whitepaper. A Watchtower is simply a lightning node to which you can give the authority to monitor transactions associated with your open payment channels.
Is a wallet vulnerable to hacking if its always online??
---------------------------------------------------------
Funds are not stored on the node typically. The node simply serves as a source of truth for the state of the blockchain. Attacks depend on where the keys are and where the signing happens. You can use something like a hardware wallet for better security. Though, to be fair, a lot of attacks depend on you or your machine being targeted specifically, and a whole bunch of attack vectors are highly theoretical and obscure.
Most successful attacks seem to be either fake/doctored software or a social attack (tricking you into installing some malware or giving your seed outright or something like that).
Keep in mind, however, the more value there is out there to steal, the more sophisticated attacks will get automated (bots, crawlers etc). So its not just the risk profile of today, but also tomorrow you have to consider. Thats why something like a hardware wallet or dedicated mobile device for key signing is a good idea.
Even if your wallet is plugged into your Embassy, whether your wallet is hot or cold depends on the hardware that stores the keys.
How does Bitcoin Proxy request (and verify) data when that data is needed by some app using it?
-----------------------------------------------------------------------------------------------
Proxy fetches blocks from your pruned node if it still has them, and fetches them from peers when it does not. Proxy can ensures the fetched block is valid by comparing it to its header, which is retained by the pruned node. The header is a product of the hash of the block itself, amongst other things, so it can't be
What is the difference between the Bitcoin Wallet Tracker and the Electrum Personal Server?
-------------------------------------------------------------------------------------------
Bitcoin Wallet Tracker and Electrum Personal Server are 2 services that do the same thing, similar to bitcoind vs btcd, or lnd vs c-lightning.
Both work with your Bitcoin node to provide a richer set of information to wallets than could be done with bitcoind alone. They are basically identical in purpose, their differences are notably in the software memory requirements and how snappily they can answer the same questions.
Electrum (and some other wallets) require more than just a Bitcoin node to run in a sovereign way, they require an “Electrum Server”. Both Electrum Personal Server and Bitcoin Wallet Tracker are “Electrum servers”.
Which wallets can I use that sync with my Embassy Bitcoin node?
---------------------------------------------------------------
There are many wallets that support linking to your own full node. You will need one that supports tor. Here are a few options that are compatible: FullyNoded, Samourai, Specter, Wasabi, Zap, and Zeus.
Is BlueWallet an option?
------------------------
BlueWallet requires a seperate backend service called LNDHub, which is not available on the Embassy at this time.
Is it possible to run c-lightning and lnd parallel on the Embassy?
------------------------------------------------------------------
Yes, you may run both. They will operate in their own environments and allow you to run services that depend on either.
How do I connect my Spark mobile app to the Embassy Spark server?
-----------------------------------------------------------------
To use a Spark client, you still need to have Spark installed on the Embassy (which serves Spark). Then, under Properties, there is a "Pairing URL". The first part of this is the server URL, and the end portion of it is the access key.
Are my addresses, channels, and balances all stored in LND or in RTL?
---------------------------------------------------------------------
This is all on LND, and RTL is just a GUI for accessing LND. On-chain balance is also part of the LND backup.
Is there a way to use the channel backups made within RTL?
----------------------------------------------------------
The only backup flow we officially support is through the Embassy backup system. This does include the channel backups created automatically by LND, but it must be understood that backups in Lightning are very different than they are on Layer 1 Bitcoin. If you restore from backup all your channels will close, and there is a potential, albeit small, probability for you to lose funds.
When attempting to add new peer, RTL says "server is still in the process of starting," but chain state seems to be fully up to date. What can I do?
-----------------------------------------------------------------------------------------------------------------------------------------------------
Check the LND logs, it can take a while to bootstrap, and starting RTL before this completes could cause errors.
"Server is still in the process of starting," but LND and RTL are running. How can I address this?
---------------------------------------------------------------------------------------------------
You may need to restart the LND Service.
What's the best way to move a small lightning balance?
------------------------------------------------------
It is possible to have lightning balances that are so low that they will not (or barely will) cover the on-chain fees to recoup into an on-chain wallet.
Why are Lightning Network backups and moves so complicated?
-----------------------------------------------------------
There are safe ways to do an “atomic move” of a LN node but it requires a very specific sequence of actions and certain mistakes can result in your counterparties taking all your funds. Fundamentally, today, LN works on a punishment scheme. This means if you publish revoked state, that the counterparty is entitled to a claim on all the funds in the channel. This incentive system is what makes the whole thing work. Without it LN would be subject to various kinds of thievery.
So the downside is that backups of old state are not safe. This is because your node might believe it is the real state of the channel, but it may be unaware of states created since then. The problem here is that your node naively believes something different from the truth, which can result in all of the funds being lost. In response to this reality, the safe backup systems, including those generated by RTL, actually do not include channel state. They only list the peers that you had channels with. Restoring these backups essentially politely asks your peers to force close the channels they have with you. In those moments it is possible for your peer to try and cheat you, but they cannot be 100% sure that you cant punish them, so its extremely unlikely that they will attempt to do so.