Hello together,
oh, indeed it seems that the original link does not work. Sorry for that! I uploaded it to two more places - they should work fine I hope:
http://www.filedropper.com/bitcoinsafeusagev02
http://www.scribd.com/doc/59238311/Bitcoin-Safe-Usage-v02
--> updated version 0.3:
http://www.filedropper.com/bitcoinsafeusagev03 (zip file with PDF and PGP signature)
http://www.scribd.com/doc/59249642/Bitcoin-Safe-Usage-v03 (PDF only)
To some of your questions above:
- I am not implying that Linux or open source is automatically secure by itself just because it is Linux or open source. But I am saying that if you want to set up a secure system, then using an open source system is a precondition (and you have to do it correctly of course). Because with closed source, you can never know if there are backdoors/Trojans.
- If you are afraid that the PDF I am linking to is somehow infected, I propose you boot from a Live CD like Knoppix or Ubuntu or almost any other of today's distros *after* having unplugged all hard drive cables from your computer system, and then print out the PDF. This would be the "paranoid secure mode" that I would well respect. In this particular case, I can just assure you that the PDF is clean. I wrote it with Open Office and printed it to a PDF printer on an Ubuntu 8.04 LTS, which I hope (but I am not sure of course) is a "clean system".
- I do not have the illusion that any single idea in my document is totally new. Probably every single aspect has been written down already sometime somewhere. But what is probably new is that you have everything compressed in one doc. So some readers (not all of course) might have another view on the topic after having read it, or get some new ideas at least. And of course, the concrete guideline given in the paper should help to set up a secure system step by step. The interested reader may want to print it out and use it as a tutorial when setting up his/her secure system for "Bitcoin banking" (not to be confused with systems for mining).
I think everybody who wants the Bitcoin project to succeed should be interested in the Bitcoin Client being used in a secure way by as many people as possible, to avoid news like the recent "500.000 USD theft", which is counterproductive to the Bitcoin project.
Finally, we should all realize that we, the participants in this forum, have different backgrounds, different knowledge and different views of what is secure. And we should respect other opinions, even if our own is a different one, and try to give reasons why we have this or that opinion.
E.g., some people think that running the Bitcoin client in a VMware virtual machine is a means of increasing security; I have some doubts because VMware may contain Trojans since it is closed source. Some think that a Linux distro like "linuxcoin" is a good thing. I think it may be a good thing for MINING as of today, but otherwise only a good IDEA but not a good thing as of today, because it contains lots of proprietary software for which it cannot be excluded that it contains Trojans that spy out your wallet.dat. But maybe one day we will really have a secure and slim Live CD-based 100% open-source Linux distro that is suitable for operating the Bitcoin client quite securely. I very much hope so.
In my view, from what I know today, the best candidate for such a future Bitcoin Client Linux Live CD Distribution (not intended for mining, just intended for "Bitcoin banking"!) is a fork of the Knoppix Linux distribution, because it provides all the elements that such a Linux distribution would need, namely an open source software basis, a Live CD oriented architecture and a 256 AES encryption for the persistent user data that is saved outside of the Live CD (that's also why descriptions on setting up a system based on Knoppix take the largest room in my PDF guide).