Bitcoin Forum
Author Topic: bitBuntu LiveCD R2  (Read 4223 times)
N0 (OP)
April 15, 2013, 04:57:44 AM
 #21

Yeah, trust is a major issue.
But I'm not sure you can trust open source software 100% either.
Or, for that matter, any software that gets updated automatically.

The author could just send a malicious update once he thinks it's worth it.
And it doesn't even have to be him: what if his system gets compromised and someone else releases an update in his name?

So the chain of trust in Bitcoin is very limited.

That's why I think a liveCD is one of the most secure methods we're going to have, since it will always stay in the same state.
I guess it's better to make one yourself and not to trust anyone else, but for most users that won't be an option.
So if you can get one from a trusted source you should be safe (on a per-release basis).
That's one of the reasons I created an OTC account, so I could gain trust in the community and hopefully in the end people will
be able to trust me for future releases.

But that doesn't mean this current release can't be validated.
I wrote a small post on reddit about how I would test a liveCD like that:
http://www.reddit.com/r/Bitcoin/comments/1c9ht1/bitbuntu_r2_an_ubuntu_livecd_with_all_your/
and I highly encourage anyone known in the community to give it a go and validate this specific release.
If you approve it you can add your public key/sha256 hash to the iso so people will be able to test it's the same iso
and that I haven't changed it (the disadvantage is that this has to be done again for each release).

Anyway, I hope that for my next release, when I'll add Armory, etotheipi will be able to validate it has not been modified.
And I think most people will be able to test the GitHub bitaddress.org source vs the local saved source and see it's the same.

I know that if anyone finds an issue with this CD he will notify the community (which is exactly what I would have done),
but if you use this CD and test it and find it to be legit, it will be very helpful to let people know, since it is as important that users know what they can trust as what they cannot.
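
The per-release check described in post #21, where known community members publish the SHA-256 of the ISO they reviewed and users compare their download against it, can be scripted as below. This is an added example, not code from the thread or from bitBuntu; the reviewer names, the `reviewer  sha256` attestation format and the quorum of two are assumptions, the sample data is constructed, and it assumes each attestation's signature has already been verified separately.

```python
import hashlib
import hmac
import io

def sha256_stream(fileobj, chunk_size=1 << 20):
    """Hash a file-like object in chunks so a large ISO never sits fully in RAM."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def parse_attestations(text):
    """Parse 'reviewer  sha256hex' lines (assumed format); skip comments and malformed lines."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2:
            continue
        reviewer, digest = parts[0], parts[1].lower()
        if len(digest) == 64 and all(c in "0123456789abcdef" for c in digest):
            result[reviewer] = digest  # one vote per reviewer, last line wins
    return result

def check_release(fileobj, attestations, quorum=2):
    """Return (accepted, agreeing, disagreeing) for the image against reviewer hashes."""
    actual = sha256_stream(fileobj)
    agreeing = sorted(r for r, d in attestations.items() if hmac.compare_digest(d, actual))
    disagreeing = sorted(r for r in attestations if r not in agreeing)
    # Any mismatch means a reviewer audited a different image than the one in hand.
    accepted = len(agreeing) >= quorum and not disagreeing
    return accepted, agreeing, disagreeing

# Constructed sample data: a stand-in "ISO" and three hypothetical reviewers.
SAMPLE_ISO = b"constructed stand-in for the ISO contents"
GOOD = hashlib.sha256(SAMPLE_ISO).hexdigest()
SAMPLE_ATTESTATIONS = f"""
# reviewer   sha256 of the ISO they audited
alice  {GOOD}
bob    {GOOD.upper()}
carol  {'0' * 64}
"""

if __name__ == "__main__":
    votes = parse_attestations(SAMPLE_ATTESTATIONS)
    print(check_release(io.BytesIO(SAMPLE_ISO), votes))
```

A single disagreeing reviewer rejects the image even when the quorum is met, which matches the thread's concern that the ISO must be byte-identical to the one that was audited.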



giszmo
April 15, 2013, 05:13:50 AM
 #22

It simply is easier to verify one client than to verify a whole distro to not contain some trojan, key logger, whatever stuff that will send wallets home. That is why I don't trust your distro.

N0 (OP)
April 15, 2013, 09:13:30 AM
 #23

You're completely missing the point.

YOU SHOULD NOT TRUST MY DISTRO

But you probably shouldn't trust your tools that much.
Since this distro is mainly intended for offline use,
it will either have to rewrite the tools it's using to generate known addresses instead of random ones,
or it will have to manipulate your hard drive, installing a trojan or rootkit on your normal OS that will steal the wallet
you use on your computer.

Validating your hard drive integrity is not trivial, but not that hard to do.
And you already said you can validate the tools you use.
So if you do both these processes, you will get a much more trusted liveCD than any non-bitcoin-related liveCD,
since you validated it and the tools installed. Unlike an Ubuntu live CD, where you have to install all your tools on each
boot (and how do you know they haven't changed? or that you can trust your connection?), or a persistent USB stick which might be tampered with or just updated with untrusted new versions.

I think it will be much more worthwhile, and maybe even less difficult, for an attacker to hack the bitaddress.org GitHub account and servers (I don't know about bitaddress servers, but GitHub had security issues in the past and probably will have in the future) and just catch a few days' ride on their servers,
than to build a tampered liveCD which might have at best a few hundred users (building a normal liveCD was quite trivial and took me about a week, but the time it would take to make a tainted one will probably be weeks or months and will probably require a team of strong hackers so it will be able to pass various verification processes, and it will probably be caught quite fast because whoever tests it will know what to look for).

But I don't really care if you use it or not.
I made this CD in favor of the community, and I don't have any gain out of it (except feeling good about myself that people use my software, and hopefully getting some donations to keep up my work, but up until now it didn't even cover 1/100 of the cost and I doubt it ever will).
But you are not giving any service to the community by scaring people off. You are only sending them to what is surely much more dangerous software, not because they cannot trust the authors of the software but because most of them don't know shit about security like SSL and probably have an OS that is full of trojans and backdoors.

So, as I wrote on reddit, if you really want to help the community and newbies coming to bitcoin, and assuming you have the technical background, test this CD and verify it's safe.
neotenie
April 15, 2013, 03:01:12 PM
 #24

> Not really expecting an answer but I'll ask anyway...
>
> Does anyone know how you would make a USB bootable live version of this for Mac?  Don't judge!

I followed these instructions and it was not difficult:
http://www.youtube.com/watch?v=Jtc8fpCt-P0

Greets,
Neo
taiping
April 21, 2013, 05:02:33 AM
 #25

I would prefer to make an Ubuntu LiveCD myself with the latest Electrum 1.7.3, but Remastersys does not appear very user friendly for this non-techie.
Could you provide some brief step-by-step instructions to get me going?
 
N0 (OP)
April 21, 2013, 08:44:59 AM
 #26

> I would prefer to make an Ubuntu LiveCD myself with the latest Electrum 1.7.3, but Remastersys does not appear very user friendly for this non-techie.
> Could you provide some brief step-by-step instructions to get me going?
 

As you can see from the previous post, I plan to write a guide on how to use Remastersys.
Unfortunately I'm not going to have a lot of available time these next couple of weeks, so it will take some time.
Anyway, you can subscribe to my blog to get updates.

Luckybit
April 21, 2013, 07:52:02 PM
 #27

To solve the trust issue, let us compile the important binaries ourselves and just include the source code and commands to do it.
Ogig
April 22, 2013, 01:56:34 AM
 #28

> To solve the trust issue, let us compile the important binaries ourselves and just include the source code and commands to do it.

That wouldn't be enough. Compiler/interpreter could be injecting code, system tools could be modified and more.

I'm not trusting this either. Too many red flags.
