Pages:
Author

Topic: HOWTO create a bootable usb Bitcoin wallet in 4 easy steps (Read 10382 times)

full member
Activity: 263
Merit: 101
na links in there dont work either  Huh
legendary
Activity: 905
Merit: 1000
The main thread for LinuxCoin is here:
https://bitcointalksearch.org/topic/linuxcoin-a-lightweight-debian-based-os-with-everything-ready-to-go-7374

It has been ongoing since May 2011, when dinosaurs still roamed the earth.


full member
Activity: 263
Merit: 101
Hi

does anyone have alternate links to download this as the links shown are not working for me ?
hero member
Activity: 532
Merit: 500
can you point me to the thread for this please
sr. member
Activity: 308
Merit: 251

To tell you the truth your not safe from me with the code anyway Cheesy There's nothing stopping me slipping a dirty package in with the updates or something, or a hidden administrator account. I won't do this but looking at a users point of view this could be a possibility.


This is what I'm talking about - and even you verify it.  For us NON linux people how could we prevent the exact scenario you are talking about?  How does one scan for a 'hidden admin account' or make sure none of that exists.

You did this to provide a secure way of using bitcoin and it seems you've done a really great job so why not finalize it by helping people understand how to be 100% safe?

I know you don't have to, I'm not trying to be a nag on a free service you provided.  Once I get a grip on this thing I will donate and I'm sure others would be more inclined to donate for your time to know beyond a shadow of a doubt no such things as you mentioned above exist.

I'm also a little confused with persistence.. I have a 8 gb flash drive....   I installed linuxcoin.... it runs on my desktop with a ati 5830 but not on my laptop with a 5870m.

but then it said the 'ring' ran out of room/space....  I was a little confused with the root account.. loging off loging on (I'm reading the other thread all the way through) this is specifically the windows thread I guess. Also... do the unsecure bitcoin and secure share the same wallet.dat or are they two separate wallets?

Hope these questions aren't too retarded and again thanks for chiming in.

- Blackout




To address your first question is trust me and trust the community Cheesy Noone want's to loose their coins and if foul play is suspected it doesn't take long for word to spread. Only use ISO's that match the  MD5 / SHA1 sums posted on the official thread or website and only use packages from linuxcoin's official repository, change the default user password, read up about and use grsecurity's RBAC system to it's full potential (Default policies will be in place with the next version), Any application you don't trust linuxcoin has the facility to run it inside a sandbox and restrict access to files on your system ie your wallet. Make full use of linuxcoin's tools like tor / privoxy, openVPN, PaX etc and stay as quiet as possible Wink Follow these rules and you should be as safe as one can be in the digital realm.

A lot of the internal working have changed from the last version and this issue has been addressed. There are fixes available for these issues but I'm very pushed for time atm and have only posted links onto the official thread. I know this is far from ideal but I'm hoping to tidy the update process etc up a bit. This should make things a lot simpler to stay up to date etc.

When I get my head above water again I will make a push to get some real documentation out there for the average Joe to follow along and use linuxcoin to it's full potential. ATM with the lack of documentation I'm sorry guys but you will have to do your best to read up about how debian systems work if you want to do something with LinuxCoin. I'd love to put more of my time into this but I'm short on cash so have to work all sorts of hours to make a little p Wink
full member
Activity: 196
Merit: 100

To tell you the truth your not safe from me with the code anyway Cheesy There's nothing stopping me slipping a dirty package in with the updates or something, or a hidden administrator account. I won't do this but looking at a users point of view this could be a possibility.


This is what I'm talking about - and even you verify it.  For us NON linux people how could we prevent the exact scenario you are talking about?  How does one scan for a 'hidden admin account' or make sure none of that exists.

You did this to provide a secure way of using bitcoin and it seems you've done a really great job so why not finalize it by helping people understand how to be 100% safe?

I know you don't have to, I'm not trying to be a nag on a free service you provided.  Once I get a grip on this thing I will donate and I'm sure others would be more inclined to donate for your time to know beyond a shadow of a doubt no such things as you mentioned above exist.

I'm also a little confused with persistence.. I have a 8 gb flash drive....   I installed linuxcoin.... it runs on my desktop with a ati 5830 but not on my laptop with a 5870m.

but then it said the 'ring' ran out of room/space....  I was a little confused with the root account.. loging off loging on (I'm reading the other thread all the way through) this is specifically the windows thread I guess. Also... do the unsecure bitcoin and secure share the same wallet.dat or are they two separate wallets?

Hope these questions aren't too retarded and again thanks for chiming in.

- Blackout


full member
Activity: 196
Merit: 100
I appreciate your candor, and I do like what you've done.

It won't seem to run on my laptop (msi gx660 r win 7 64bit ati 5870m)

it says something X can't find the disp[lay device or something to that effect?

Any suggestions?

Also... as to the secure and unsecure versions... do they conflict and use the same wallet.dat file?

sr. member
Activity: 308
Merit: 251
 You could do many things to check this like running in a secure VM environment and watch what happens or using a packet sniffer to watch ingoing / outbound traffic. I can understand your concerns but it would take me too much time to pick this thing apart and publish all the code. Maybe i might shift things real soon and publish everything on github but I don't have any plans to do so in the near future.

To tell you the truth your not safe from me with the code anyway Cheesy There's nothing stopping me slipping a dirty package in with the updates or something, or a hidden administrator account. I won't do this but looking at a users point of view this could be a possibility.

The truth is LinuxCoin probably has been already picked apart by the paranoid. Look at some of the posts on this forum ! If there is something to be found the community normally finds this. The difference between LinuxCoin and some of the online solutions is that LinuxCoin is in your hands, you have full control of how you use LinuxCoin. Don't trust LinuxCoin to auto connect ? Disable it. If you don't feel safe using a direct connection ? Setup a VPN tunnel (everything included to do this will be included in the latest version). You don't like services running ? Disable them too.

Online services have full control of your coins, the system is in the administrators control. If the third party want's to disappear and sell your coins it's only a matter of clicks. With LinuxCoin I would have to write a wallet stealer, slip it into your install in some way, sit back and watch my stealer grab your coins. The way I would come unstuck is that 90% of LinuxCoin users would have there installs offline. Admitting that yes i would probably grab a few it would take long for someone to blow the whistle and people run for the hills. That means I could end up with 1000 coins or 1 ? There's no way of knowing how many people would install my wallet stealer before I'm busted.

It's all about personal choice really. Way up the pro's and cons of any system and make your decision based on that. But I know where I have my coins Cheesy Saved onto an encrypted offline USB stick with LinuxCoin installed.
full member
Activity: 196
Merit: 100
Again Mr Doctor Green I am not saying you put anything in there, nor would I know what to look for if you did open up the code before compiled for someone to look at - I would have to trust some of my slightly geekier than me friends or the linux community in general to check it out.   I'm just saying for 100% absolute certainty it would be nice to have the third party verification.  Then evryone could feel totally confident.
Unfortunately there are a lot of people writing free bitcoin utilities that try and steal the wallet.dat keys and send them off.  They may may not touch it.  They might sit on it for years.

I like what you've done here. I would just like 100% certainty on the code part.  Any human error on my part is my problem.

sr. member
Activity: 308
Merit: 251
Nope sorry Cheesy I'm not going to open up the code because there's nothing to open it's just debian with a customized kernel and some scripting. It's free so use it if you want to I don't feel the need to prove anything to anyone Cheesy You can test this yourself by installing tcpdump or wireshark and analyzing whats going in and out. If you find a backdoor come and tell everyone about it lol

Comon people noone !! Has EVER had issues with loosing bitcoins while using linuxcoin. Not being nasty but I couldn't give a stuff if you use it or not the reason I created it is for people to have a choice to use a secure environment to trade bitcoins with piece of mind. It's your choice, use it if you want if not move along to something else.

One thing I will say about security if you are downloading from anywhere else but the official site check your MD5 / SHA1 because if it don't match it's either a corrupt download or somethings been modifiedupdate-rc.d -f  blah remove

Linuxcoin does connect to the internet if you have a ethernet cable plugged in. You can stop this by disabling the network manager.

Code:
update-rc.d -f  network-manager remove

And as I keep telling people don't you think I would of stolen all your coins and run when bitcoins were worth like £20 Cheesy

full member
Activity: 196
Merit: 100
I think you just did, but I will ask as well.

drG33n!!!!

Can you open up the code?

legendary
Activity: 1148
Merit: 1001
Radix-The Decentralized Finance Protocol
That's all good and nice. But if it can't be examined openly to make sure there are no back doors, it doesn't matter if it is used for 1 day or 10 years... the option is there that an unknown installed program that cannot be examined could copy and send off wallet.dat files or keys.

It most likely does not.  I am not saying it does.   I'm just asking if there is some way of having CERTAINTY.. not just...
"nothing bad has happened yet"

Before the MtGox disaster, you could use the same logic to say "MtGox is perfectly safe, because people have been using it and no one has complained."



fair point.  why don't you ask him to open up the code?

I believe all the code is already open, but well get confirmation when drGr33n appears.
legendary
Activity: 1764
Merit: 1002
That's all good and nice. But if it can't be examined openly to make sure there are no back doors, it doesn't matter if it is used for 1 day or 10 years... the option is there that an unknown installed program that cannot be examined could copy and send off wallet.dat files or keys.

It most likely does not.  I am not saying it does.   I'm just asking if there is some way of having CERTAINTY.. not just...
"nothing bad has happened yet"

Before the MtGox disaster, you could use the same logic to say "MtGox is perfectly safe, because people have been using it and no one has complained."



fair point.  why don't you ask him to open up the code?
full member
Activity: 196
Merit: 100
That's all good and nice. But if it can't be examined openly to make sure there are no back doors, it doesn't matter if it is used for 1 day or 10 years... the option is there that an unknown installed program that cannot be examined could copy and send off wallet.dat files or keys.

It most likely does not.  I am not saying it does.   I'm just asking if there is some way of having CERTAINTY.. not just...
"nothing bad has happened yet"

Before the MtGox disaster, you could use the same logic to say "MtGox is perfectly safe, because people have been using it and no one has complained."

legendary
Activity: 1764
Merit: 1002
Oh great.  More worries.  Is there not a way to check this? Can someone not open this up and check the code to make sure there are no backdoors sending wallet keys to the maker?

LinuxCoin was created by drG33n and Im sure hell come here to solve any doubts you have. The official thread is here and so far is widely used and no one has complained.


Oh....! OH!   drG33n!!!!  What was I thinking!?  Thank God!  Now I know it's secure.  Now my mom and sister and family feel safe buying bitcoins and using this client! For a second there I thought it might have been written been J3lllE_Nz or smAH{{yfheeTz  or  Wyh0reMAHZMAHZpwnzCR@KzzR00K

Thanks god we have that solved and know for sure it's safe now written by drG33n.


(sarcasm note)

I'm just being funny no offense to drG33n, this is not a troll.  He put some work into what appears to be a great tool, but seriously for those not in the linux ubuntu scene is this thing open source and checkable by others?







look at what hugolp said.  go to that thread and look at the tons of ppl who've been using it for a long time.  no one has complained.
full member
Activity: 196
Merit: 100
I'm just being funny no offense to drG33n, this is not a troll.  He put some work into what appears to be a great tool, but seriously for those not in the linux ubuntu scene is this thing open source and checkable by others?

I would prefer drGr33n to answer, but until he logs in, I can give you what I got from reading his thread. LinuxCoin was first Debian with some scripts added and the Bitcoin software installed by default. Later on he changed to Slackware. So basically is all open source. If you download the binaries you have obviously no way to test it, but I am sure there is a way to check the sources. Again, take everything I said with a grain of salt, I could be wrong.

Also, if you want to become fully paranoic about security (which is not a bad thing to do) one has to be aware that windows has wholes accesible by governments (so they can enter on your windows computer at any time) and services like gmail have also government wholes (this is how the chinese hacked gmail, publicy admited by Google). So you might want to keep that in mind also if you are running Bitcoin (and anything) on Windows or using gmail.

I am aware of the Windows and google wholes. I like Windows 7 and hate the evil of google with a passion. I use it but of course I don't run my secret ops to take over the world with my hat strategic system on my Win 7 box or chrome.  I keep that specifically on an isolated and secure commodore 64. You really only need 48k to take over the world.

As far as bitcoins I keep some minor amounts on my Windows machine for convienience but my major thousands and thousands and thousands I keep inside of a usb keychain the hangs on my vicious man eating boxer dog:

http://www.youtube.com/watch?v=v2zj6_Q6qFU

And using gmail is for idiots.







legendary
Activity: 1148
Merit: 1001
Radix-The Decentralized Finance Protocol
I'm just being funny no offense to drG33n, this is not a troll.  He put some work into what appears to be a great tool, but seriously for those not in the linux ubuntu scene is this thing open source and checkable by others?

I would prefer drGr33n to answer, but until he logs in, I can give you what I got from reading his thread. LinuxCoin was first Debian with some scripts added and the Bitcoin software installed by default. Later on he changed to Slackware. So basically is all open source. If you download the binaries you have obviously no way to test it, but I am sure there is a way to check the sources. Again, take everything I said with a grain of salt, I could be wrong.

Also, if you want to become fully paranoic about security (which is not a bad thing to do) one has to be aware that windows has wholes accesible by governments (so they can enter on your windows computer at any time) and services like gmail have also government wholes (this is how the chinese hacked gmail, publicy admited by Google). So you might want to keep that in mind also if you are running Bitcoin (and anything) on Windows or using gmail.
full member
Activity: 196
Merit: 100
Oh great.  More worries.  Is there not a way to check this? Can someone not open this up and check the code to make sure there are no backdoors sending wallet keys to the maker?

LinuxCoin was created by drG33n and Im sure hell come here to solve any doubts you have. The official thread is here and so far is widely used and no one has complained.


Oh....! OH!   drG33n!!!!  What was I thinking!?  Thank God!  Now I know it's secure.  Now my mom and sister and family feel safe buying bitcoins and using this client! For a second there I thought it might have been written been J3lllE_Nz or smAH{{yfheeTz  or  Wyh0reMAHZMAHZpwnzCR@KzzR00K

Thanks god we have that solved and know for sure it's safe now written by drG33n.


(sarcasm note)

I'm just being funny no offense to drG33n, this is not a troll.  He put some work into what appears to be a great tool, but seriously for those not in the linux ubuntu scene is this thing open source and checkable by others?





hero member
Activity: 504
Merit: 500
http://support.apple.com/kb/ht1948

unfortunately not going to work with Intel based Mac.  requires a GUID format vs FAT32.

Thats a shame. If you are really interested, you should go to the LinuxCoin thread (https://bitcointalksearch.org/topic/linuxcoin-a-lightweight-debian-based-os-with-everything-ready-to-go-7374) and ask there, maybe you can get it to work with other partition systems.

It is possible using EFI-grub to make an ELilo boot loader instead of the standard Lilo one that requires the Fat32,  though it may not be easy. ;p
hero member
Activity: 504
Merit: 500

Quote from: Blackout
I get that - but then there is no need of all this bootable stuff... just create a new wallet and offline store it and send coins to it as it is buried in Michael Jackson's basement.

Yes, this is an option as well. In fact, you should do that with the security copies. The point of having a bootable USB is that you have a more easy access to your funds. For example you might want to access those funds every 3 or 4 months, and the USB is just convinient.

  The bootable USB method also allows you a much more secure way to load your wallet if you have the need to do so on a computer, i.e someone else's laptop you are doing an exchange with. You would not want to copy your wallet file to their computer but it would be fairly safe to boot to your USB.

  Hopefully we will see basic wallet exporting functions implemented into the client soon with multiple options for output location, included addresses etc.  This will not do away with the usefulness of a bootable USB but will grant us much more flexibility in managing our funds.
Pages:
Jump to: