Pages:
Author

Topic: bitBuntu LiveCD R2 (Read 4285 times)

member
Activity: 70
Merit: 10
April 21, 2013, 08:56:34 PM
#28
To solve the trust issue, let us compile the important binaries ourselves and just include the source code and commands to do it.

That wouldn't be enough. Compiler/interpreter could be injecting code, system tools could be modified and more.

I'm not trusting this either. Too many red flags.
hero member
Activity: 714
Merit: 510
April 21, 2013, 02:52:02 PM
#27
To solve the trust issue, let us compile the important binaries ourselves and just include the source code and commands to do it.
N0
newbie
Activity: 29
Merit: 0
April 21, 2013, 03:44:59 AM
#26
I would prefer to make an Ubuntu LiveCD myself with the latest Electrum 1.7.3, but Remastersys does not appear very user friendly for this non-techie.
Could you provide some brief step-by-step instructions to get me going?
 

As you can see from previous post I plan to write a guide on how to use remastersys.
Unfortanantly I'm not going to have alot of available time this next couple of weeks so it will take some time.
any way you can subscribe to my blog to get updates

newbie
Activity: 28
Merit: 0
April 21, 2013, 12:02:33 AM
#25
I would prefer to make an Ubuntu LiveCD myself with the latest Electrum 1.7.3, but Remastersys does not appear very user friendly for this non-techie.
Could you provide some brief step-by-step instructions to get me going?
 
jr. member
Activity: 45
Merit: 3
April 15, 2013, 10:01:12 AM
#24
Not really expecting an answer but I'll ask anyway...

Does anyone know how you would make a USB bootable live version of this for Mac?  Don't judge!

 Lips sealed

I followed these instructions and it was not difficult:
http://www.youtube.com/watch?v=Jtc8fpCt-P0

Greets,
Neo
N0
newbie
Activity: 29
Merit: 0
April 15, 2013, 04:13:30 AM
#23
Your completely missing the point .

YOU SHOULD NOT TRUST MY DISTRO

But you probably shouldn't trust your tools that much.
since this distro is manly intended to offline use.
it will have either to rewrite the tools it using to generate known addresses instead of random ones.
or it will have to manipulate your hardrive installing a trojan or root kit on your normal OS that will steal your wallet
you use on your computer.

validating your hard drive integrity is not trivial but not that hard to do.
and you already said you can validate the tools you use.
so if you do both this processes, you will get a much more trusted liveCD then any non bitcoin related liveCD
since you validated it and the tools installed. unlike ubuntu live cd where you have to install all your tools on each
boot (and how do you know they haven't changed ? or that you can trust your connection ?) or a persistent usb stick who might be tempered or just updated with untrusted new versions.

I think it will be much more worthy and maybe even less difficult. for an attacker to hack bitaddress.org github account and servers (I don't know about bitaddress servers but github had security issues in the past and probably will have in the future) and just catch a few days ride on there servers.
then to build a tempered liveCD who might have at best a few hundred users ( building a normal liveCD was quite trivial and took me about a week, but the time it would take to make a tainted one will probably be weeks or months and will probably require a team of strong hackers so it will be able to pass various verification process, and it will probably be caught quite fast because whoever will test it will know what to look for)

but I don't really care if you use it or not.
I made this CD in the favor of the community, and I don't have any gain out of it (except felling good about myself that people use my software and hopefully get some donations to keep my work but up until now it didn't even cover 1/100 of the cost and I doubt if it ever will) .
But you are not giving any service for the community by scaring people of. you are only sending them to what is surely a much more dangerous software not because they cannot trust the authors of the software but because most of them don't know shit about security like ssl and probably have an OS that is full of Trojans and backdoors).

So as I wrote on reddit, if you really want to help the community and newbies coming to bitcoin, assuming you have the technical background test this CD and verify it safe.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
April 15, 2013, 12:13:50 AM
#22
It simply is easier to verify one client than to verify a whole distro to not contain some troyan, key logger, whatever stuff that will send wallets home. That is why
I don't trust your distro.
N0
newbie
Activity: 29
Merit: 0
April 14, 2013, 11:57:44 PM
#21
Yea trust is a major issue.
But I'm not sure if you can trust an open source software 100% either.
Or for that matter any software who gets updated automatically.

The author could just send a malicious update once he thinks its worth it.
and it doesn't even have to be him, what if his system gets compromised, and some else releases an update in his name ?

so the chain of trust in Bitcoin is very limited.

thats why I  think a liveCD is one of the most secure methods were going to have since it will always stay in the same state.
I guess its better to make on your self and not to trust any one else but for most users that wont be an option.
so if you can get one from a trusted source you should be safe (as per release bases)
thats one of the reason I created an OTC account so I could gain trust in the community and hopefully in the end people will
be able to trust me for future release.

but that doesn't mean This current release can't be validated.
I wrote a small post of how I would have test a liveCD like that on reddit
http://www.reddit.com/r/Bitcoin/comments/1c9ht1/bitbuntu_r2_an_ubuntu_livecd_with_all_your/
and I highly encourage any one known in the community to give it a go and validate this specific release.
if you approve it you can ad your public key/sha256 hash to the iso so people will be able to test its the same iso
and I haven't changed it (the disadvantaged is that this has to be done again for each release)

Anyway I hope that for my next release when I'll add Armory etotheipi, will be able to validate it has not been modified.
And I think most people will be able to test gitub bitaddress.org source vs the local saved source and see its the same.

I know that if any one finds an issue with this CD he will notify the community (which is exactly what I  would have done)
but if you use this CD and test it and find it to be legit, it will be very helpful to let people know, since it as important users wiil know what they can trust as to what they cannot



legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
April 14, 2013, 06:33:11 PM
#20
Its an absolute terrible idea to trust your digital currencies to OS bundles from random internet strangers...

I agree  Sad
Its not a good idea to back up your Bitcoins using a software that was deviced for the sole purpose of backing up Bitcoins.
Why not? Because you are much more likely to get a Bitcoin stealer malware on your system if you use software with Bitcoins in mind, than just reverting to some standard all-purpose software that was deviced probably long before Bitcoin was an issue.

I appreciate the effort nevertheless and hope that this can turn into an ongoing and well maintained project if complexity is reduced and all source code of the package thoroughly checked for malicious code by third parties so even I would feel comfortable to use it. Till then its a rocky road, so best of luck!

This.
I'm getting more and more paranoid installing ANY closed-source software released after 2010!

I trust my bitcoins with bitcoin-qt binaries from ppa and kind of hate the situation. What I consider really safe is open source software from github or bitbucket that has many many forks and no changes in months as I would guess that people that forked it, also had a look for malware and with months of time since the last change or with reviewing the last changes myself, I feel pretty safe with projects like vanitygen or braiwallet. Vanitygen has some more of my trust as it was designed with speed of creating valid keys in mind, so there is not much around that could be stealing my keys. It could use weak crypto though but I heard no such accusations, so hey, maybe it's secure Wink

Edit: Yeah, I totally agree to not trust any bitcoin software like self-extracting backgrounds or widgets or anything bitcoin related that is not trusted by a huge community of capable people, so no, I will surely not support this ubuntu bundle although I might do one for myself and friends.
legendary
Activity: 1120
Merit: 1016
090930
April 14, 2013, 02:40:13 PM
#19
Its an absolute terrible idea to trust your digital currencies to OS bundles from random internet strangers...

I agree  Sad
Its not a good idea to back up your Bitcoins using a software that was deviced for the sole purpose of backing up Bitcoins.
Why not? Because you are much more likely to get a Bitcoin stealer malware on your system if you use software with Bitcoins in mind, than just reverting to some standard all-purpose software that was deviced probably long before Bitcoin was an issue.

I appreciate the effort nevertheless and hope that this can turn into an ongoing and well maintained project if complexity is reduced and all source code of the package thoroughly checked for malicious code by third parties so even I would feel comfortable to use it. Till then its a rocky road, so best of luck!

This.
I'm getting more and more paranoid installing ANY closed-source software released after 2010!
legendary
Activity: 892
Merit: 1013
April 14, 2013, 02:18:27 PM
#18
Its an absolute terrible idea to trust your digital currencies to OS bundles from random internet strangers...
imagine electrum or other client is modified and pick the private key from a pool, each download change the pool.
Even if you do not plug your livecd to internet, your money is at risk...
if one use the live cd for security reason to make some nice cold storage, he might have a bitter surprise....
legendary
Activity: 1022
Merit: 1000
April 14, 2013, 02:07:57 PM
#17
Its an absolute terrible idea to trust your digital currencies to OS bundles from random internet strangers...

I agree  Sad
Its not a good idea to back up your Bitcoins using a software that was deviced for the sole purpose of backing up Bitcoins.
Why not? Because you are much more likely to get a Bitcoin stealer malware on your system if you use software with Bitcoins in mind, than just reverting to some standard all-purpose software that was deviced probably long before Bitcoin was an issue.

I appreciate the effort nevertheless and hope that this can turn into an ongoing and well maintained project if complexity is reduced and all source code of the package thoroughly checked for malicious code by third parties so even I would feel comfortable to use it. Till then its a rocky road, so best of luck!
sr. member
Activity: 277
Merit: 250
April 14, 2013, 01:39:16 PM
#16
Its an absolute terrible idea to trust your digital currencies to OS bundles from random internet strangers...
N0
newbie
Activity: 29
Merit: 0
April 14, 2013, 07:39:42 AM
#15
I vote for armory!

Also pls include some encryption program like Truecrypt to encrypt your wallet and priv. key files!

Are there some additional printer drivers available that you could add to make sure I have support for my own printer if I wanted to print out my priv. keys?

Truecrypt and keepass2 are preinstalled.
About printers I'm not sure if this is possible for me at the moment.
If your printer is not supported (and I think ubuntu supports many out of the box ) you can go online just for the printer install or just save your driver to USB stick if you think it will be more secure.

I will try your LIVECD, but would prefer to assemble an iso myself using UBUNTU 12.10 and ELECTRUM.
Can anyone point me in the right direction to do that?

Steve
------------------
taiping you might wanna check remastersys -
http://www.remastersys.com/
it what I used to make this distro, it is not that hard to use.
I hope to write a tutorial on how to use it but I have too much stuff on
my mind at the moment

newbie
Activity: 28
Merit: 0
April 14, 2013, 07:17:42 AM
#14
I will try your LIVECD, but would prefer to assemble an iso myself using UBUNTU 12.10 and ELECTRUM.
Can anyone point me in the right direction to do that?

Steve
------------------
legendary
Activity: 1022
Merit: 1000
April 14, 2013, 07:17:00 AM
#13
I vote for armory!

Also pls include some encryption program like Truecrypt to encrypt your wallet and priv. key files!

Are there some additional printer drivers available that you could add to make sure I have support for my own printer if I wanted to print out my priv. keys?
member
Activity: 68
Merit: 10
April 14, 2013, 05:21:34 AM
#12
For reference, Armory is trivial to build in Ubuntu.  It is five terminal commands:

  • sudo apt-get install git-core build-essential pyqt4-dev-tools swig libqtcore4 libqt4-dev python-qt4 python-dev python-twisted python-psutil
  • git clone git://github.com/etotheipi/BitcoinArmory.git
  • cd BitcoinArmory
  • make
  • python ArmoryQt.py

It's not terribly large, either.  The offline bundle has all dependencies included to run on an offline computer and is 25 MB.  

I'll check again for next release but I think when I checked it didn't look like it will offer any extra features.
I'm trying to make this iso small enough to fit on a regular cd but maybe its to large any way now.

no TOR or text-mode browser? aww Sad
I guess Tor is important and I'll try to add it. but why would you need a text mode browser what the advantages ?


Not really expecting an answer but I'll ask anyway...

Does anyone know how you would make a USB bootable live version of this for Mac?  Don't judge!

 Lips sealed
you have unetbootin http://unetbootin.sourceforge.net/
which will turn any livecd iso to a bootable usb.
let me know if you manage to use it and if the usb runs on mac (it shouldn't matter but I don't have a mac to test it on)



I really appreciate the response.  I was unaware of this!  Thanks.  Smiley
N0
newbie
Activity: 29
Merit: 0
April 14, 2013, 12:59:45 AM
#11
it is based on ubuntu 12.10.
I saw there is a deb file so I think I'll be able to install it but I haven't tried yet.
I'll wait a bit to see what other suggestions people have, and I'll try to release a new version next weekend.
I'll PM you if I can't install it for some reason.

legendary
Activity: 1428
Merit: 1093
Core Armory Developer
April 14, 2013, 12:44:47 AM
#10
Ok so I'll add Armory and Tor on the next release.

What about bookmarks ?
I'm sure there are many important links I missed


If you tell me what distro it is based on, I'll make an offline bundle for you -- making it absolutely trivial to install it in your live environment.  It'll just be a zip file containing all the .deb files needed to run it without an internet connection.  Or maybe the build instructions I put there are sufficient for building the live CD (sorry, not all that familiar with how it works).
N0
newbie
Activity: 29
Merit: 0
April 14, 2013, 12:39:35 AM
#9
Ok so I'll add Armory and Tor on the next release.

What about bookmarks ?
I'm sure there are many important links I missed
Pages:
Jump to: