I haven't seen anybody post about what would be my biggest worry if I were trying out alternative block chains. I realize this may be perceived as "Gavin is FUD'ding anything that isn't bitcoin!" (FUD == Fear, Uncertainty and Doubt) But I think some of you might be forgetting some basic computer security fundamentals in the excitement to be early adopters.
When I first heard about bitcoin, my questions were:
1) Can it possibly work (do the ideas for how it works make sense)?
2) Is it a scam?
3) If it is not a scam, could it open my computer up to viruses/trojans if I run it?
I answered those questions by:
1) Reading and understanding Satoshi's whitepaper. Then thinking about it for a day or two and reading it again.
2) Finding out everything I could about the project. I read every forum thread here (there were probably under a hundred threads back then) and read Satoshi's initial postings on the crypto mailing list.
3) Downloaded and skimmed the source code to see if it looked vulnerable to buffer overflow or other remotely exploitable attacks.
If I were going to experiment with an alternative block-chain, I'd go through the same process again. But I'm an old conservative fuddy-duddy.
If you want to take a risk on a brand-new alternative block-chain, I'd strongly suggest that you:
1) Run the software in a virtual machine or on a machine that doesn't contain anything valuable.
2) Don't invest more money or time than you can afford to lose.
3) Use a different passphrase at every exchange site.
in my personal opinion
It's hard enough to get the half-baked alt chain software to run at all (and speed is of the essence knowing they are all quickly collapsing pyramids) never mind configuring a VM with appropriate hardware access.
> Don't use Windows and pre-built .exes. Just don't. Ever. Nothing inherently wrong with Microsoft software, but it is well understood and commonly used by the botnet types.
> Create a new account with no group membership. I call mine "goatse" for obvious but nostalgic reasons. Make absolutely sure that account doesn't have read or write access outside of their home directory.
> Log out of your main account and into that account whenever compiling or running the alt chain software. Remember that compilation & installation scripts are code!
> Do not browse exchange sites you have coinage in and definitely do not save passwords in the browser when logged in as this account.
> If you log into this account via ssh DO NOT enable X proxying. It's trivial to read your keystrokes, do screen captures, etc when X is proxied. Let me repeat this one, make sure X proxying is disabled.
And yes, I even follow this for official bitcoin software.
