I was offered a bug bounty for finding vulnerabilities on ALTS.trade. In the past I've participated in other bug bounty programs offered by different Bitcoin exchanges and services, such as Coinbase.

I have found 2 minor weaknesses in their service, and the ALTS.trade team has fixed those in a timely manner.

I've set up this service, it's completely non-profit: http://fullnode.co

It's still under 'beta' or even 'alpha' but it's working.

Reddit thread: http://www.reddit.com/r/Bitcoin/comments/262vvi/contribute_back_to_the_bitcoin_network_by/

FAQ:
Q: Why are you working with only one hosting provider, centralization is always bad
A: I know, I'm working on adding other providers such as DigitalOcean

Q: $20? That's too much, you can find cheaper VPS providers!
A: I know, but servers with less than 2GB of RAM tend to crash the bitcoind daemon

Q: How can I know you're deploying a server for each $20?
A: A full list of the deployed servers is available on the website and you can calculate the donated amount divided by $20 per server

Q: How can I know you're not using the servers for other stuff?
A: I'm not sure how to prove this part, if anyone has any suggestions I would be more than happy to implement them.

Q: How can I check if the deployed servers are actually running the bitcoin daemon and are currently connected to the bitcoin network?
A: Take any server IP and paste it in the box that can be found in the middle of this page

Q: Are you going to opensource this project?
A: Yes, in the next few days you will be able to deploy an entire clone of fullnode.co and also everyone would benefit from contributions to the project's code

Please proceed with caution, no offense but installers for applications that are not open sourced and from an unknown source should not be installed on machines with wallets or any sensitive data.

You can import a private key into your Armory wallet. Even if I had generated the wallet myself (which I don't, and if you install the image you can see that you'll get the 'create your new armory wallet' splash screen. Also you can check and see that there's no ~/.armory directory before you launch Armory for the first time).

If you choose to import a private key from bitaddress.org's html, as far as I know, there's nothing I could do beforehand to get your coins. However if you choose to 'sweep' the address, that will move the funds to the Armory generated address which is something you would like to avoid if you do not trust me.

How do you know his name? can you provide some resources?

Did anyone receive a refund? They said they will start refunding on Jan 10th but no word since. They have been inactive on bitcointalk and reddit, not answering emails.. are we screwed?

Yes but if you use the bitaddress.org HTML file that I've included (and can be verified via md5 checksum) you can generate the private key there and import it into Armory. So I can't control the master seed or anything else..

Trezor can be used as either hot or cold storage. You can easily move coins to trezor's address and use it as cold storage but also allows you to plug the trezor to an internet machine and safely transfer coins as a hot wallet.

The cold pi is intended for cold storage only. Of course you can still spend coins on the Cold Pi address but the way to do it is a bit more complicated than trezor. You will need to export the watch only address from your cold pi to an internet machine, create a transaction using the watch only address, move the transaction data via USB, sign it on the cold pi and move it back to the internet machine.

The Cold Pi image can now be downloaded freely, please have a look here:

http://coldpi.com/manuals/install-image.html

Regarding the security issues that were raised earlier in this thread, I've also included bitaddress.org's source code (that can be verified via md5 checksum against the current version on github) so you can now basically generate a new key via the bitaddress.org HTML file and import it into Armory.

By doing so you eliminate my ability to mess around with the Armory key generation function and my ability affect the randomness of the process.

Since the device is not intended and should never be connected to the internet, other than to mess around with the randomness of the genkey function I cannot do much more to gain profit.

Just to state the obvious, I have not infected the Raspberry Pi with any malicious software and have not made any code changes to either the Armory client, Raspbian OS or bitaddress.org HTML file.

In my opinion, if the network cable is plugged to the board, it cannot be considered as 'cold' storage.

Well I don't want to cripple the device by removing the interface. I will however disable it by default, so even if you connect the cable by mistake nothing will happen until you start the networking service manually.

I'll be uploading the complete Raspberry Pi SD image soon (not just the Armory source as currently available).

Indeed it is possible for me to steal coins from users who choose to use my compiled Armory version, however it is extremely difficult for me to do that, and impossible if you actually follow my own instructions (which is to NEVER connect the Pi to the internet).

By the way, if anyone is interested in adding something to the bundle, he can do it via USB instead of connecting the device to the internet which is quite convenient even compared to directly plugging the Pi to the internet.

I wrote http://github.com/orweinberger/bitquote.git

It takes the data from Bitcoin Average however you can also choose whatever currency you want and control the design via CSS.

It currently works ONLY with Bitcoin Average but maybe you'll find it useful.

My installation manual was not complete, I've updated now to include all necessary packages required to install Armory. Please try now http://coldpi.com/manuals/install.html

Checking out this error now, will update

There's no reason for anyone to create an image since I'm sharing compiled Armory source available for free download. The Cold PI kit will be sold to people that does not have the time/knowledge to deal with purchasing a new Raspberry Pi and installing everything on it.

Regarding preloading it with Bitcoin. It's a cool idea but not practical. I do not want to launch the Armory client after I install it on a client's Cold Pi since they cannot tell if I also took their private key and saved it somewhere.

Yes you're right, problem is that compiling the Armory for the RPi is a nightmare..

Browser is already there, ships with the Raspbian OS. I didn't mention it but I'm also adding an offline version of the bitaddress.org code. I'll add the bitcoinpaperwallet.com one as well.

Thanks!

Glad you liked it, if anyone has any suggestions on other relevant software that I can add to the Cold Pi please let me know.

As previously mentioned, all compiled code is available freely for download. You can also choose to pay for the kit or the SD card alone if you don't have the knowledge or time to deal with it.

In case anyone is still interested in compiling the Bitcoin Armory on the RPi, you can download the compiled source code from http://coldpi.com.

That is Bitcoin Armory 0.88, compiled for Raspbian.