
Topic: Armory - Discussion Thread - page 53. (Read 521912 times)

legendary
Activity: 2126
Merit: 1001
April 22, 2014, 03:31:10 AM
there gotta be a vmless solution here

We're going OT here, but obviously security is the main reason we are here to begin with :-)

Some time ago I found "Qubes OS":
https://en.wikipedia.org/wiki/Qubes_OS

It's a Linux distribution where you have different security domains. In the inner works, that's several independent virtual machines, but without all the hassle for us users.

I like their concept!

Ente
hero member
Activity: 763
Merit: 500
April 22, 2014, 12:40:00 AM
there gotta be a vmless solution here
Given the deplorable state of PC security these days, the necessity of VMs goes way beyond Armory.

If you're not already running virtual machines to segregate network-facing services from each other and the host OS then you're behind the security curve. That's the bare minimum you need to do just to have a slight hope of keeping your machine clean.

Any good tutorial on this?  I've played around with it but am definitely a rookie?  I do use Tails when I run armory though, is that the same idea?
legendary
Activity: 1400
Merit: 1013
April 21, 2014, 11:56:13 PM
there gotta be a vmless solution here
Given the deplorable state of PC security these days, the necessity of VMs goes way beyond Armory.

If you're not already running virtual machines to segregate network-facing services from each other and the host OS then you're behind the security curve. That's the bare minimum you need to do just to have a slight hope of keeping your machine clean.
newbie
Activity: 8
Merit: 0
April 21, 2014, 09:27:36 PM
Also having issues getting to the site this evening....
hero member
Activity: 533
Merit: 500
^Bitcoin Library of Congress.
April 21, 2014, 05:57:28 PM
Did you get any flickering as I have, aka constant connected/disconnected switching, as one can take from the previous post one page back in my Armory log and comment which hasn't been replied to as of yet?
No flickering for me with this setup.

What specific command would I have to add to my bitcoin shortcut to get this working?
I have my computer set up with two .conf files and two shortcuts because I want to be able to use bitcoin-qt with and without Armory.  This complicates my setup a little bit.  If you just want to use bitcoin-qt with Armory all you need to do to prepare bitcoin-qt for Armory is add these two lines to your bitcoin.conf file.
Code:
bind=127.0.0.1
listen=1

Is this any different than just adding the    --satoshi-port=9150    switch to my armory shortcut?
Yes, adding the "--satoshi-port=9150" switch tells Armory to communicate with bitcoin-qt through port 9150 while adding
Code:
bind=127.0.0.1
listen=1
to bitcoin.conf tells bitcoin-qt to listen on all ports but only accept communication from your computer.

Something tells me it's not good to have Bitcoin Core accept external connections.
Code:
bind=127.0.0.1
This line prevents bitcoin-qt from accepting external connections. (external as in from outside your computer)


newbie
Activity: 5
Merit: 0
April 21, 2014, 05:27:11 PM
Is bitcoinarmory.com down? All I get is "File not found."

In possibly related news, Armory (v.90 beta) is crashing for me as of today while trying to sync the blockchain.

I too am having trouble accessing the main site (File not Found.)  Also, I am using 0.88 beta, and I am getting crashes while syncing.  Anybody in the know want to weigh in on this???
newbie
Activity: 8
Merit: 0
April 21, 2014, 05:13:27 PM
Is bitcoinarmory.com down? All I get is "File not found."

In possibly related news, Armory (v.90 beta) is crashing for me as of today while trying to sync the blockchain.
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
April 21, 2014, 05:02:39 PM
there gotta be a vmless solution here

Of course there is.  I'm just mentioning that this sounds like a solid solution to use (if done properly), if you have more than a casual interest in the privacy of Tor.  And it doesn't require us (Armory devs) to do anything to support it.

Please carry on, figuring out a non-VM solution, and helping us figure out how to make sure Armory behaves itself properly in that environment.
newbie
Activity: 54
Merit: 0
April 21, 2014, 04:56:15 PM
there gotta be a vmless solution here
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
April 21, 2014, 04:05:36 PM
https://bitcointalksearch.org/topic/m.6235772

This gets BitcoinQt running behind Tor and Armory having an exclusive connection to your local BitcoinQt. At least it works as intended on my end. Obviously what etotheipi says stands.

One of the most significant ways to get screwed on Tor is directing DNS requests outside of Tor. As long as Armory doesn't run its regular 'call back home routines', it should be fine. Ideally, Armory should just redirect these through Tor, but we don't have a setting for http proxying, yet.

If we stand to support Tor, we'll most likely make a dedicated switch for it. Not a priority right now though.

I would very much like that a lot, I'm sure I'm not the only one here. BTW, in the meanwhile how do we disable the rest of Armory's call back home routines, aka anything that doesn't go over Bitcoin Core's connection?

I actually really like justus's suggestion in the short-term, because it completely compensates for anything Armory does that is not ideal for Tor.  Setup a VM that basically only allows traffic through Tor.  Armory can't really misbehave in that environment.

Though, at the same time, I don't think it would be to make sure Armory is doing the right thing, I'm just not the person to do it.
newbie
Activity: 54
Merit: 0
April 21, 2014, 03:27:54 PM
https://bitcointalksearch.org/topic/m.6235772

This gets BitcoinQt running behind Tor and Armory having an exclusive connection to your local BitcoinQt. At least it works as intended on my end. Obviously what etotheipi says stands.

One of the most significant ways to get screwed on Tor is directing DNS requests outside of Tor. As long as Armory doesn't run its regular 'call back home routines', it should be fine. Ideally, Armory should just redirect these through Tor, but we don't have a setting for http proxying, yet.

If we stand to support Tor, we'll most likely make a dedicated switch for it. Not a priority right now though.

I would very much like that a lot, I'm sure I'm not the only one here. BTW, in the meanwhile how do we disable the rest of Armory's call back home routines, aka anything that doesn't go over Bitcoin Core's connection?
newbie
Activity: 54
Merit: 0
April 21, 2014, 03:18:58 PM
I managed to get Tor, Armory, and Bitcoin-qt working together.  Here's my setup:

Armory has no command line arguments, the only change is I unselected "Let Armory run Bitcoin-Qt/bitcoind in the background" in settings.

Tor was left with the default settings.

For Bitcoin-qt I first ran the program and deselected "Map port using UPnP" and selected "Connect through SOCKS proxy".  (Proxy IP: 127.0.0.1, Port: 9150, SOCKS Version: 5)  I also created a shortcut with one command line argument to use a different .conf file in the Bitcoin data directory (which I named Armory.conf)
Code:
#For Armory
bind=127.0.0.1
listen=1
Bind = 127.0.0.1 should mean that only local processes can connect to your node.  And listen=1 should mean that it accepts external connections (external as in not from bitcoin-qt itself, not necessarily from outside your computer)



Did you get any flickering as I have, aka constant connected/disconnected switching, as one can take from the previous post one page back in my Armory log and comment which hasn't been replied to as of yet? And what specific command would I have to add to my bitcoin shortcut to get this working, and is this any different than just adding the    --satoshi-port=9150    switch to my Armory shortcut? And something tells me it's not good to have Bitcoin Core accept external connections, meaning it would be connecting to your clearnet, or am I wrong? 'Cause last time I've used the listen=1 switch that's what it did. I've tested Bitcoin Core without Tor running and it was syncing while running that switch. Thanks
cp1
hero member
Activity: 616
Merit: 500
Stop using brainwallets
April 21, 2014, 11:10:34 AM
There's an option in the settings that says something like "Let armory manage bitcoind"
newbie
Activity: 31
Merit: 0
April 21, 2014, 09:47:43 AM
How do you "Turn off bitcoind auto management"?
hero member
Activity: 533
Merit: 500
^Bitcoin Library of Congress.
April 21, 2014, 09:30:19 AM
I managed to get Tor, Armory, and Bitcoin-qt working together.  Here's my setup:

Armory has no command line arguments, the only change is I unselected "Let Armory run Bitcoin-Qt/bitcoind in the background" in settings.

Tor was left with the default settings.

For Bitcoin-qt I first ran the program and deselected "Map port using UPnP" and selected "Connect through SOCKS proxy".  (Proxy IP: 127.0.0.1, Port: 9150, SOCKS Version: 5)  I also created a shortcut with one command line argument ("-conf=Armory.conf" to use a different .conf file in the Bitcoin data directory)
Code:
#For Armory.conf
bind=127.0.0.1
listen=1
Bind = 127.0.0.1 should mean that only local processes can connect to your node.  And listen=1 should mean that it accepts external connections (external as in not from bitcoin-qt itself, not necessarily from outside your computer)

Edit: Added which command line argument I used with bitcoin-qt (-conf=Armory.conf) NOTE: This argument is not necessary to use bitcoin-qt and Tor with Armory!
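
An added example, not part of any post in this thread: a small audit of a bitcoin.conf against the setup described above (loopback-only bind, local SOCKS proxy on port 9150, no UPnP). It assumes the proxy and UPnP choices are written into the file as `proxy=` and `upnp=` lines rather than set in the GUI as the poster did; the function names and all three sample files are constructed for illustration.

```python
import ipaddress

# Constructed sample files; only the bind= and listen= lines come from the thread.
ARMORY_CONF = "#For Armory.conf\nbind=127.0.0.1\nlisten=1\nproxy=127.0.0.1:9150\nupnp=0\n"
LEAKY_CONF = "listen=1\nbind=0.0.0.0\nupnp=1\n"
NO_BIND_CONF = "listen=1\nproxy=127.0.0.1:9150\n"

def parse_conf(text):
    """Parse key=value lines; repeated keys (such as bind) collect into lists."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        opts.setdefault(key.lower(), []).append(value)
    return opts

def is_loopback(value):
    """True if the host part of host, host:port or [v6]:port is a loopback address."""
    if value.startswith("["):
        host = value[1:].split("]", 1)[0]
    else:
        host = value.rsplit(":", 1)[0] if value.count(":") == 1 else value
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def audit(text):
    """Return findings; an empty list means the file matches the setup above."""
    opts, findings = parse_conf(text), []
    binds = opts.get("bind", [])
    if opts.get("listen", ["0"])[-1] == "1" and not binds:
        findings.append("listen=1 without a bind= line to restrict the address")
    findings += [f"bind={b} is not a loopback address" for b in binds if not is_loopback(b)]
    proxy = opts.get("proxy", [])
    if not proxy:
        findings.append("no proxy= line in this file")
    elif not is_loopback(proxy[-1]):
        findings.append(f"proxy={proxy[-1]} is not a local SOCKS proxy")
    if opts.get("upnp", ["0"])[-1] == "1":
        findings.append("upnp=1 requests an inbound port mapping")
    return findings

if __name__ == "__main__":
    for name in ("ARMORY_CONF", "LEAKY_CONF", "NO_BIND_CONF"):
        print(name, audit(globals()[name]))
```
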
legendary
Activity: 3794
Merit: 1375
Armory Developer
April 21, 2014, 02:02:34 AM
Has anyone been able to run Armory on Tails OS?
That should be easier to set up, than regular tor, right?
Bitcoin-QT works fine in Tails, but Armory is stuck at "initializing bitcoin engine"

Turn off bitcoind auto management, and I hope you're not trying to download the chain off of Tor
newbie
Activity: 31
Merit: 0
April 21, 2014, 01:18:36 AM
Has anyone been able to run Armory on Tails OS?
That should be easier to set up, than regular tor, right?
Bitcoin-QT works fine in Tails, but Armory is stuck at "initializing bitcoin engine"
legendary
Activity: 1400
Merit: 1013
April 20, 2014, 10:44:54 PM
The best way to use Tor is to run your privacy-sensitive application in a virtual machine, and use firewalling and virtual networks on the host side to make sure it's absolutely impossible for the VM to send packets anywhere except through your Tor proxy.

Does require some advanced Linux networking and sysadmin knowledge to do correctly though.
legendary
Activity: 3794
Merit: 1375
Armory Developer
April 20, 2014, 10:16:32 PM
https://bitcointalksearch.org/topic/m.6235772

This gets BitcoinQt running behind Tor and Armory having an exclusive connection to your local BitcoinQt. At least it works as intended on my end. Obviously what etotheipi says stands.

One of the most significant ways to get screwed on Tor is directing DNS requests outside of Tor. As long as Armory doesn't run its regular 'call back home routines', it should be fine. Ideally, Armory should just redirect these through Tor, but we don't have a setting for http proxying, yet.

If we stand to support Tor, we'll most likely make a dedicated switch for it. Not a priority right now though.
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
April 20, 2014, 09:21:50 PM
What settings would you suggest to use Armory while bitcoin-qt is running through Tor?  I don't mind trying out your ideas, just want to make sure we find a way that works.

Btw, regardless of what we say here, I would not interpret that as official advice or in any way guaranteeing ... anything.  I bring this up because many people use Bitcoin in ways where privacy is equivalent to their personal security (either in less-free states, or for doing questionably legal things). 

I suspect that the strong privacy protections of Tor probably require both the user and the developer to be careful.  Unfortunately, I have spent no time learning about Tor, or spent any time figuring out how to make sure it doesn't leak information.  As such, I would not rely on it in this way unless you have only a casual necessity for privacy. 

I would be happy to entertain someone who really understands Tor, to be able to review what Armory does, and make sure it doesn't do things that leak information.  For instance, we have periodic announcement checks, and check for internet connection on startup by pinging google and microsoft.com.  Both of these can be disabled -- but I suspect there may be other things that I don't realize leak information, even when the user has been careful.
