Armory - Discussion Thread - page 53.

Ente

legendary

Activity: 2126

Merit: 1001

Quote from: shoesman on April 21, 2014, 05:56:15 PM

there gotta be a vmless solution here

We're going OT here, but obviously security is the main reason we are here to begin with :-)

Some time ago I found "Qubes OS":
https://en.wikipedia.org/wiki/Qubes_OS

It's a Linux distribution where you have different security domains. In the inner works, that's several independent virtual machines, but without all the hassle for us users.

I like their concept!

Ente

superbit

hero member

Activity: 763

Merit: 500

Quote from: justusranvier on April 22, 2014, 12:56:13 AM

Quote from: shoesman on April 21, 2014, 05:56:15 PM

there gotta be a vmless solution here

Given the deplorable state of PC security these days, the necessity of VMs goes way beyond Armory.

If you're not already running virtual machines to segregate network-facing services from each other and the host OS then you're behind the security curve. That's the bare minimum you need to do just to have a slight hope of keeping your machine clean.

Any good tutorial on this? I've played around with it but am definitely a rookie? I do use Tails when I run armory though, is that the same idea?

justusranvier

legendary

Activity: 1400

Merit: 1013

Quote from: shoesman on April 21, 2014, 05:56:15 PM

there gotta be a vmless solution here

Given the deplorable state of PC security these days, the necessity of VMs goes way beyond Armory.

If you're not already running virtual machines to segregate network-facing services from each other and the host OS then you're behind the security curve. That's the bare minimum you need to do just to have a slight hope of keeping your machine clean.

johno123

newbie

Activity: 8

Merit: 0

Also having issues getting to the site this evening....

BookLover

hero member

Activity: 533

Merit: 500

^Bitcoin Library of Congress.

Quote from: shoesman on April 21, 2014, 04:18:58 PM

Did you get any flickering as i have aka constant connected/disconnected switching as one can take from the previous post one page back in my armory log and comment which hasn't been replied to as of yet.

No flickering for me with this setup.

Quote from: shoesman on April 21, 2014, 04:18:58 PM

What specific command would i have to add to my bitcoin shortcut to get this working?

I have my computer set up with two .conf files and two shortcuts because I want to be able to use bitcoin-qt with and without Armory. This complicates my setup a little bit. If you just want to use bitcoin-qt with Armory all you need to do to prepare bitcoin-qt for Armory is add these two lines to your bitcoin.conf file.

Code:

bind=127.0.0.1
listen=1

Quote from: shoesman on April 21, 2014, 04:18:58 PM

Is this any different than just adding the --satoshi-port=9150 switch to my armory shortcut?

Yes, adding the "--satoshi-port=9150" switch tells Armory to communicate with bitcoin-qt through port 9150 while adding

Code:

bind=127.0.0.1
listen=1

to bitcoin.conf tells bitcoin-qt to listen on all ports but only accept communication from your computer.

Quote from: shoesman on April 21, 2014, 04:18:58 PM

Something tells me its not good to have bitcoin core accept external connections.

Code:

bind=127.0.0.1

This line prevents bitcoin-qt from accepting external connections. (external as in from outside your computer)

goldkelowna

newbie

Activity: 5

Merit: 0

Quote from: mindlost on April 21, 2014, 06:13:27 PM

Is bitcoinarmory.com down? All I get is "File not found."

In possibly related news, Armory (v.90 beta) is crashing for me as of today while trying to sync the blockchain.

I too am having trouble accesing the main site (File not Found.) Also, I am using 0.88 beta, and I am getting crashes while syncing. Anybody in the know want to weigh in on this???

mindlost

newbie

Activity: 8

Merit: 0

Is bitcoinarmory.com down? All I get is "File not found."

In possibly related news, Armory (v.90 beta) is crashing for me as of today while trying to sync the blockchain.

etotheipi

legendary

Activity: 1428

Merit: 1093

Core Armory Developer

Quote from: shoesman on April 21, 2014, 05:56:15 PM

there gotta be a vmless solution here

Of course there is. I'm just mentioning that this sounds like a solid solution to use (if done properly), if you have more than a casual interest in the privacy of Tor. And it doesn't require us (Armory devs) to do anything to support it.

Please carry on, figuring out a non-VM solution, and helping us figure out how to make sure Armory behaves itself properly in that environment.

shoesman

newbie

Activity: 54

Merit: 0

there gotta be a vmless solution here

etotheipi

legendary

Activity: 1428

Merit: 1093

Core Armory Developer

Quote from: shoesman on April 21, 2014, 04:27:54 PM

Quote from: goatpig on April 20, 2014, 11:16:32 PM

https://bitcointalksearch.org/topic/m.6235772

This gets BitcoinQt running behind Tor and Armory having an exclusive connection to your local BitcoinQt. At least it works as intented on my end. Obviously what etotheipi says stands.

One of the most significant ways to get screwed on Tor is directing DNS requests outside of Tor. As long as Armory doesnt run its regular 'call back home routines', it should fine. Ideally, Armory should just redirect these through Tor, be we don't have a setting for http proxying, yet.

If we stand to support Tor, we'll most likely make a dedicated switch for it. Not a priority right now though.

i would very much like that alot im sure im not the only one here , btw in the meanwhile how do we disable the rest of armorys call back home routines aka anything that doesnt go over bitcoin cores connection

I actually really like justus's suggestion in the short-term, because it completely compensates for anything Armory does that is not ideal for Tor. Setup a VM that basically only allows traffic through Tor. Armory can't really misbehave in that environment.

Though, at the same time, I don't think it would be to make sure Armory is doing the right thing, I'm just not the person to do it.

shoesman

newbie

Activity: 54

Merit: 0

Quote from: goatpig on April 20, 2014, 11:16:32 PM

https://bitcointalksearch.org/topic/m.6235772

This gets BitcoinQt running behind Tor and Armory having an exclusive connection to your local BitcoinQt. At least it works as intented on my end. Obviously what etotheipi says stands.

One of the most significant ways to get screwed on Tor is directing DNS requests outside of Tor. As long as Armory doesnt run its regular 'call back home routines', it should fine. Ideally, Armory should just redirect these through Tor, be we don't have a setting for http proxying, yet.

If we stand to support Tor, we'll most likely make a dedicated switch for it. Not a priority right now though.

i would very much like that alot im sure im not the only one here , btw in the meanwhile how do we disable the rest of armorys call back home routines aka anything that doesnt go over bitcoin cores connection

shoesman

newbie

Activity: 54

Merit: 0

Quote from: BookLover on April 21, 2014, 10:30:19 AM

I managed to get Tor, Armory, and Bitcoin-qt working together. Here's my setup:

Armory has no command line arguments, the only change is I unselected "Let Armory run Bitcoin-Qt/bitcoind in the background" in settings.

Tor was left with the default settings.

For Bitcoin-qt I first ran the program and deselected "Map port using UPnP" and selected "Connect through SOCKS proxy". (Proxy IP: 127.0.0.1, Port: 9150, SOCKS Version: 5) I also created a shortcut with one command line argument to use a different .conf file in the Bitcoin data directory (which I named Armory.conf)

Code:

#For Armory
bind=127.0.0.1
listen=1

Bind = 127.0.0.1 should mean that only local processes can connect to your node. And listen=1 should mean that it accepts external connections (external as in not from bitcoin-qt itself, not necessarily from outside your computer)

did you get any flickering as i have aka constant connected/disconnected switching as one can take from the previous post one page back in my armory log and comment wich hasnt been replied to as of yet , and what specific command would i have to add to my

bitcoin shortcut to get this working and is this any different than just adding the --satoshi-port=9150 switch to my armory shortcut , and something tells me its not good to have bitcoin core accept external connections meaning it would be connecting to your

clearnet or am i wrong ? cause last time ive used the listen=1 switch thats what it did ive tested bitcoin core without tor running and it was syncing while running that switch , thanks

cp1

hero member

Activity: 616

Merit: 500

Stop using branwallets

There's an option in the settings that says something like "Let armory manage bitcoind"

bitcoinbitcoin

newbie

Activity: 31

Merit: 0

How do you "Turn off bitcoind auto management"?

BookLover

hero member

Activity: 533

Merit: 500

^Bitcoin Library of Congress.

I managed to get Tor, Armory, and Bitcoin-qt working together. Here's my setup:

Armory has no command line arguments, the only change is I unselected "Let Armory run Bitcoin-Qt/bitcoind in the background" in settings.

Tor was left with the default settings.

For Bitcoin-qt I first ran the program and deselected "Map port using UPnP" and selected "Connect through SOCKS proxy". (Proxy IP: 127.0.0.1, Port: 9150, SOCKS Version: 5) I also created a shortcut with one command line argument ("-conf=Armory.conf" to use a different .conf file in the Bitcoin data directory)

Code:

#For Armory.conf
bind=127.0.0.1
listen=1

Bind = 127.0.0.1 should mean that only local processes can connect to your node. And listen=1 should mean that it accepts external connections (external as in not from bitcoin-qt itself, not necessarily from outside your computer)

Edit: Added which command line argument I used with bitcoin-qt (-conf=Armory.conf) NOTE: This argument is not necessary to use bitcoin-qt and Tor with Armory!

goatpig

legendary

Activity: 3738

Merit: 1360

Armory Developer

Quote from: bitcoinbitcoin on April 21, 2014, 02:18:36 AM

Has anyone been able to run Armory on Tails OS?
That should be easier to set up, than regular tor, right?
Bitcoin-QT works fine in Tails, but Armory is stuck at "initializing bitcoin engine"

Turn off bitcoind auto management, and I hope you're not trying to download the chain off of Tor

bitcoinbitcoin

newbie

Activity: 31

Merit: 0

Has anyone been able to run Armory on Tails OS?
That should be easier to set up, than regular tor, right?
Bitcoin-QT works fine in Tails, but Armory is stuck at "initializing bitcoin engine"

justusranvier

legendary

Activity: 1400

Merit: 1013

The best way to use Tor is to run your privacy-sensitive application in a virtual machine, and use firewalling and virtual networks on the host side to make sure it's absolutely impossible for the VM to send packets anywhere except through your Tor proxy.

Does require some advanced Linux networking and sysadmin knowledge to do correctly though.

goatpig

legendary

Activity: 3738

Merit: 1360

Armory Developer

https://bitcointalksearch.org/topic/m.6235772

This gets BitcoinQt running behind Tor and Armory having an exclusive connection to your local BitcoinQt. At least it works as intented on my end. Obviously what etotheipi says stands.

One of the most significant ways to get screwed on Tor is directing DNS requests outside of Tor. As long as Armory doesnt run its regular 'call back home routines', it should fine. Ideally, Armory should just redirect these through Tor, be we don't have a setting for http proxying, yet.

If we stand to support Tor, we'll most likely make a dedicated switch for it. Not a priority right now though.

etotheipi

legendary

Activity: 1428

Merit: 1093

Core Armory Developer

Quote from: BookLover on April 20, 2014, 10:04:23 PM

What settings would you suggest to use Armory while bitcoin-qt is running through Tor? I don't mind trying out your idea's, just want to make sure we find a way that works.

Btw, regardless of what we say here, I would not interpret that as official advice or in any way guaranteeing ... anything. I bring this up because many people use Bitcoin in ways where privacy is equivalent to their personal security (either in less-free states, or for doing questionably legal things).

I suspect that the strong privacy protections of Tor probably require both the user and the developer to be careful. Unfortunately, I have spent no time learning about Tor, or spent any time figuring out how to make sure it doesn't leak information. As such, I would not rely on it in this way unless you have only a casual necessity for privacy.

I would be happy to entertain someone who really understands Tor, to be able to review what Armory does, and make sure it doesn't do things that leak information. For instance, we have periodic announcement checks, and check for internet connection on startup by pinging google and microsoft.com. Both of these can be disabled -- but I suspect there may be other things that I don't realize leak information, even when the user has been careful.

Topic: Armory - Discussion Thread - page 53. (Read 521749 times)