Topic: [REQUEST] Developing Bootable Bitcoin-QT (Read 5270 times)

up

If you are replying to me, I don't think I ever said to be offline before installing Linux. Of course you need to get Linux from somewhere and that is probably the Internet. I agree that you should install the OS and wallet first, then disable the Internet.

I don't know of a complete guide. You want to first create the Linux LiveUSB. How you do that depends on whether you are currently running Linux or Windows. The following is a guide for if you are running Linux.

http://www.pendrivelinux.com/creating-an-ubuntu-live-usb-from-cd/#more-5191

For your offline wallet on dedicated computer:
  Why does it help to be offline STARTING before installing Linux? I thought it only matters that it is offline forever-- STARTING right before the wallet is created.

But many guides recommend to install xubuntu offline with apt-offline, etc.. That is a PITA. Please explain the benefit.
  It's so much easier to install the OS and armory/electrum while online, THEN unplug the ethernet cable and superglue the port   Can you refer me to a complete guide?  So many are different/outdated.

Thanks again, sorry if redundant.

It is not completely safe to run LiveUSB, just like it is not completely safe to run a dedicated computer. The manufacturer may have introduced a vulnerability into either the computer or USB drive at the hardware level. There are steps to take that will allow you to safely use with a LiveUSB or dedicated computer, assuming that the devices are not compromised on a hardware level.

This addresses the LiveUSB security issue. If you use a USB device with an integrated switch to disable write access you can be sure that the contents of the drive don't change. This is assuming the device never leaves your sight (since someone can just flip the switch and modify files on the drive) and assuming that you trust the drive manufacturer to correctly implement the write protect feature.

I would be careful where I got the USB device from. They have microcontrollers in them, which can be reprogrammed.

Of course, if you want persistence (wallet files, etc.) you need to disable the write protect or have one flash drive for the OS and another for the data.

Ultimately it is up to you to answer: Do you have enough bitcoin to justify (a) dedicated computer(s)? I personally feel a LiveCD is sufficient, with a flash drive for the (encrypted) wallet.dat.

Well, for an offline/online system i'm trying to decide between running 2 LiveUSBs vs 2 full dedicated laptops. Or one dedicated offline laptop, and one online LiveUSB (like TAILS).
Is running an wallet using a LiveUSB completely safe, or is it better to have a dedicated laptop for your wallet?

With the LiveUSB, you should remove the virus-infested Windows8 internal HDD, before you run it. And disable wifi in BIOS if you want offline.
Anything else you should do for security when booting to the LiveUSB? Some say remove the battery for 60 seconds?

What do you want? Do you want to run the client thru Tor? Do you want a LiveCD or install to hard drive. It sounds like you want Tor and hard drive install, but LinuxCoin and Bitsafe appear to work differently.

Let me know your needs and I should be able to throw something together that is based on Debian.

Currently, what is the most secure Linux Distro to run BitcoinQT or Armory?
Is Linux-TAILS the best or something else better? But is it possible to install TAILS to an internal hard drive while still having persistence?
Is there another distro with TOR on by default, that you can install on a hard drive?

Or is there a newer custom Bitcoin Distro? Like LinuxCoin or Bitsafe, but they are old.
Sorry if this is redundant, it's hard to keep up with the latest custom Bitcoin Distros.

Bump

this is awesome! been wanting to provide my family and friends a working cold storage system. This I think is a great way to do it.

I started working on an Electrum live cd. You can find the source at https://github.com/josephbisch/electrum-live-cd-amd64. Build instructions are found in README.md.

The main changes I made are in /config/hooks/ and /config/includes.chroot/. There is no desktop environment, just metacity as the window manager.

An i386 version will be coming soon. In the meantime, you can just modify /auto/config by replacing amd64 with i386. Make sure you run lb config after making the change.

I hesitate to release a build of binary.hybrid.iso for obvious reasons, but will if people really want me to. It is currently at 412MB, but there are probably packages that aren't strictly necessary to run Electrum.

There are currently some known issues. The .xsession script, which starts metacity and electrum when X is started, should restart electrum when it exits with an error. It should shutdown the computer when electrum exits without error, like when you go to file and click on close. Currently, it is shutting down even if electrum exits with an error.

I need to figure out a good way to allow the user to configure their wireless network. Currently just electrum is running, so you must switch to a console and configure your network through there. Suggestions welcome.

As always with Electrum, if you import a private key, you must backup your wallet. Any private keys you import will not be regenerated from your seed.

https://i.imgur.com/6Q1VfNn.png

https://i.imgur.com/FoMvWgG.png

If security is a higher goal for that application, why not use a slim and bootable version of OpenBSD with XServer as terminal system?
They don't even found a backdoor after a FBI affair, see: http://arstechnica.com/information-technology/2010/12/openbsd-code-audit-uncovers-bugs-but-no-evidence-of-backdoor/.

Their slogan: "Only two remote holes in the default install, in a heck of a long time!"

Just my 2BTCcents…

Looks like I may be out of my league.  Bitcoin needs an entire suit of linux distributions.  Cold Wallets. Hot wallets. Different node types. All these need their own, custom Linux distro, and possibly even kernel, built from scratch.  That is out of my league for the immediate future.

But that won't keep me from trying.  I will see if I can hack something together.

Regards,
Frito_Mosquito

I am actively working on this, although I am not sure I meet the 'trusted' requirement, as I am rather new to the community.  My plan is to be as transparent as possible, and include detailed instructions for creating the ISO yourself.

Put like a $500 bounty for the Electrum part. Probably not hard for someone with LiveCD skills. Just need to add an extra package, and recompile the LiveCD.

We need that someone trusted develop a bootable Electrum with the same requirements as the first idea.

Yeah having to download the blockchain would make this quite unusable. Essentially Electrum on LiveCD is all you need. Combine this with a hardware authentication method like YubiKey. Essentially a Trezor like solution for $30.

As I said in the post, I am not developing this, just presenting the idea to the comunity so someone may develop it.

The Bitcoin Core developers have telled to me that they have no time for this so the Electrum ones may have.

Is electrum considered the "Safe way" to do it? I know I read in the past people prefer Bitcoin-qt as you have the whole block chain, and less of a chance to get duped.


Thanks

Kosta

True, we can also change this request to "Developing Bootable Electrum Wallet".

This will save us from downloading the blockchain.

This way we only need a bootable cd + our wallet seed to import our wallet.

This idea should probably not be made available for download until HD (deterministic) wallets are used in the bootable environment.

The reason for this is that in a temporary environment (or with cheap USB storage), there's plenty of risk for new unsaved Bitcoin addresses to be destroyed at shutdown. In case you don't know this, Bitcoin-Qt for instance always create a new Bitcoin address for each payment and moves the "change" of a transaction to this address. There's at least one case of someone who lost a lot of bitcoins in that exact same situation in the past.

Deterministic wallets will be (to my knowledge) immune to this problem, as all Bitcoin addresses generated by these wallets can be re-generated later if the wallet hasn't been saved correctly or when restoring an old backup.