Bitcoin Forum
September 20, 2021, 10:50:16 AM *
Author Topic: [LockBox-LBX] Created a Hardened Linux OS for Crypto Hodlers  (Read 246 times)
MagnumOpus3k
Copper Member
Newbie
Activity: 27
Merit: 61
September 05, 2021, 04:38:02 PM
#21

Nearing completion of the latest image and should have it available shortly. Please see the list of installed applications below:
Git: https://github.com/StratousLabs/LockBox
Do you have any updates regarding listing LockBox on DistroWatch, because I don't see it listed yet?
If you didn't do it so far you can contact them directly and follow instructions on distribution submission page.
Interesting thing about DistroWatch website is accepting of Bitcoin and Monero donations, along with regular PayPal donations.

Hey DK!

Been pretty focused on doing this right but this is an action item and we look forward to submission! We should have this submitted within the next week or so.

MagnumOpus3k
Copper Member
Newbie
Activity: 27
Merit: 61
September 05, 2021, 05:20:35 PM
#22

Pi-Hole has lots of dependencies though.

Does not need to be Pi-Hole, just a local DNS resolver that you can query that will give 127.0.0.1 or whatever for places that you do not want your PC going to.
But......
Since 99% of the world runs on BIND it's probably going to be that and its dependencies.
Since some pages are going to sit there and wait for a response from the query you need something internally running a web server and its dependencies.
Then, you are going to need a front end to manage it since you need a simple way to add / remove blocks.

It's a trip down a very deep rabbit hole. But I still think it would be a nice feature to have or at least the option to have.

You could probably get some app that manages your hosts file that pulls data from the blocklists you want to use and puts them in there, and then some sort of a front end manager for that.

-Dave


No worries Dave, I think security should always include a solid dialogue and it's a valid point. I'm currently reviewing Technitium DNS Server and will need to perform a bit more research before implementing. I think this may fall along the lines of your request?

Link: https://technitium.com/dns/
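
Added example (not part of the thread and not LockBox code): a minimal version of the hosts-file manager Dave describes, which merges downloaded blocklists into hosts entries. It accepts only bare domains or names mapped to a sinkhole address, so a tampered list cannot slip a redirect for a real site into the hosts file; the function names and the sample list are constructed for illustration.

```python
import ipaddress
import re

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # the only targets a blocklist may use
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def valid_hostname(name):
    """Return the normalised name, or None if it is not a plausible public hostname."""
    name = name.rstrip(".").lower()
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return None
    return name if all(LABEL.match(l) for l in labels) else None

def parse_blocklist(text):
    """Accept 'domain' or '<sinkhole-ip> domain ...' lines; return (domains, rejected_lines)."""
    accepted, rejected = set(), []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            ipaddress.ip_address(fields[0])
            # A list that maps a name to a real address is a redirect, not a block.
            names = fields[1:] if fields[0] in SINKHOLES else []
        except ValueError:
            names = fields
        good = [valid_hostname(n) for n in names]
        if not good or None in good:
            rejected.append(raw)
        else:
            accepted.update(good)
    return accepted, rejected

def render_hosts(domains, sink="0.0.0.0"):
    """Emit hosts-file lines, always with our own sinkhole address."""
    return "\n".join(f"{sink} {d}" for d in sorted(domains))

# Constructed sample input, not a real blocklist.
SAMPLE = """\
# ad and tracker hosts
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net  # trailing comment
telemetry.example.org
203.0.113.7 wallet.example.com
0.0.0.0 bad_host!.example
127.0.0.1 localhost
"""

if __name__ == "__main__":
    domains, rejected = parse_blocklist(SAMPLE)
    print(render_hosts(domains))
    print("rejected:", rejected)
```

Rejected lines are worth logging rather than silently dropping: a non-sinkhole address in a downloaded list is a sign the list source has been tampered with or is malformed.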

DaveF
Legendary
Activity: 2506
Merit: 2128
I DO NOT TRADE on Telegram or Skype or Discord.
September 05, 2021, 05:53:43 PM
#23


No worries Dave, I think security should always include a solid dialogue and it's a valid point. I'm currently reviewing Technitium DNS Server and will need to perform a bit more research before implementing. I think this may fall along the lines of your request?

Link: https://technitium.com/dns/

Looks promising, will have to look into it too.
It's amazing how much information you leak using public / your internet provider's DNS.
And how many people & places still refuse to use DNS over TLS.

Look, a hardware wallet connected to an encrypted PC connected to an actual cable to the SonicWall router.
And let's go to Coinbase using local ISP's DNS lookup. And now we know you have (or are interested in) crypto.
And since your local ISP probably is not using DNSSEC, who knows if you are really at Coinbase anyway.
Yes, an extreme edge case, but still worth thinking about.

-Dave

MagnumOpus3k
Copper Member
Newbie
Activity: 27
Merit: 61
September 05, 2021, 07:50:47 PM
#24


No worries Dave, I think security should always include a solid dialogue and it's a valid point. I'm currently reviewing Technitium DNS Server and will need to perform a bit more research before implementing. I think this may fall along the lines of your request?

Link: https://technitium.com/dns/

Looks promising, will have to look into it too.
It's amazing how much information you leak using public / your internet provider's DNS.
And how many people & places still refuse to use DNS over TLS.

Look, a hardware wallet connected to an encrypted PC connected to an actual cable to the SonicWall router.
And let's go to Coinbase using local ISP's DNS lookup. And now we know you have (or are interested in) crypto.
And since your local ISP probably is not using DNSSEC, who knows if you are really at Coinbase anyway.
Yes, an extreme edge case, but still worth thinking about.

-Dave

You're right.

MagnumOpus3k
Copper Member
Newbie
Activity: 27
Merit: 61
September 12, 2021, 10:55:06 PM
#25


No worries Dave, I think security should always include a solid dialogue and it's a valid point. I'm currently reviewing Technitium DNS Server and will need to perform a bit more research before implementing. I think this may fall along the lines of your request?

Link: https://technitium.com/dns/

Looks promising, will have to look into it too.
It's amazing how much information you leak using public / your internet provider's DNS.
And how many people & places still refuse to use DNS over TLS.

Look, a hardware wallet connected to an encrypted PC connected to an actual cable to the SonicWall router.
And let's go to Coinbase using local ISP's DNS lookup. And now we know you have (or are interested in) crypto.
And since your local ISP probably is not using DNSSEC, who knows if you are really at Coinbase anyway.
Yes, an extreme edge case, but still worth thinking about.

-Dave

Hey Dave,

Just a quick follow up. resolvconf has been installed and the nameservers below have been set to permanent (default):

nameserver: 9.9.9.9 (Quad9) - Main - DNS over HTTPS (aka DoH)
Link: https://quad9.net/news/blog/doh-with-quad9-dns-servers/
nameserver: 1.1.1.1 (Cloudflare) - Fallback - DNS over HTTPS (aka DoH)
Link: https://developers.cloudflare.com/1.1.1.1/encrypted-dns
nameserver: 127.0.0.53 (Local) - Fallback

Technitium looked great, however after a hearty conversation with the team no one liked the idea of this remotely resembling a DNS server :D
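
Added example (not part of the thread and not LockBox code): an audit of the nameserver list above as it would appear in /etc/resolv.conf. The glibc stub resolver sends ordinary port-53 DNS to the first three `nameserver` addresses in order, so encrypted transport depends on a DoH/DoT-capable resolver listening on the loopback entry rather than on the addresses named; the fourth sample line and the function names are constructed.

```python
import ipaddress

MAXNS = 3  # glibc's stub resolver reads at most the first three nameserver lines

def audit_resolv_conf(text):
    """Return one finding per nameserver line, in the order the resolver tries them."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split()
        # Comment lines start with '#' or ';'; only 'nameserver <addr>' lines matter here.
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            findings.append({"address": fields[1], "kind": "invalid", "used": False})
            continue
        if addr.is_loopback:
            kind = "local-stub"   # a daemon on this host; its upstream is configured elsewhere
        elif addr.is_private or addr.is_link_local:
            kind = "lan"          # typically the router handed out by DHCP
        else:
            kind = "public"       # queries cross the internet to this operator
        used = sum(f["kind"] != "invalid" for f in findings) < MAXNS
        findings.append({"address": str(addr), "kind": kind, "used": used})
    return findings

def cleartext_recipients(findings):
    """Addresses off this host that receive the stub resolver's port-53 queries."""
    return [f["address"] for f in findings if f["used"] and f["kind"] in ("lan", "public")]

# The three addresses from the post in resolv.conf syntax; the fourth line is constructed.
SAMPLE = """\
# /etc/resolv.conf
nameserver 9.9.9.9
nameserver 1.1.1.1
nameserver 127.0.0.53
nameserver 192.168.1.1
"""

if __name__ == "__main__":
    results = audit_resolv_conf(SAMPLE)
    for f in results:
        print(f)
    print("cleartext port-53 queries go to:", cleartext_recipients(results))
```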

ETFbitcoin
Legendary
Activity: 1988
Merit: 3111
NotYourKeys.org - Not Your Keys, Not Your Bitcoin
September 13, 2021, 09:54:10 AM
#26

nameserver: 1.1.1.1 (Cloudflare) - Fallback - DNS over HTTPS (aka DoH)
Link: https://developers.cloudflare.com/1.1.1.1/encrypted-dns

You're joking right? I understand Cloudflare is a reliable service, but it's bad for privacy and people report a few websites can't be accessed when using Cloudflare DNS. I would suggest looking for alternative DNS such as NextDNS which is used by Firefox.

MagnumOpus3k
Copper Member
Newbie
Activity: 27
Merit: 61
September 13, 2021, 03:19:22 PM
#27

nameserver: 1.1.1.1 (Cloudflare) - Fallback - DNS over HTTPS (aka DoH)
Link: https://developers.cloudflare.com/1.1.1.1/encrypted-dns

You're joking right? I understand Cloudflare is a reliable service, but it's bad for privacy and people report a few websites can't be accessed when using Cloudflare DNS. I would suggest looking for alternative DNS such as NextDNS which is used by Firefox.


Hey ETF,


I believe this is indirectly part of that rabbit hole Dave referenced earlier. :D NextDNS is great, however they typically do have more performance issues than their competitors. From a reliability perspective this gets tricky. Some users may also perceive latency or blocklist issues to be issues related to the LBX image itself, hence the call for Cloudflare. This now becomes a question of finding a happy medium or reverting DNS configurations back to default for user configuration. From a privacy perspective, the assumption should be held that all providers retain logs even when they say they don't. I think NextDNS is headed in the right direction, however the best course of action is the use of a solid VPN service. Thanks again for taking a sec to highlight this.

DaveF
Legendary
Activity: 2506
Merit: 2128
I DO NOT TRADE on Telegram or Skype or Discord.
September 13, 2021, 08:41:44 PM
Last edit: September 14, 2021, 02:16:55 AM by DaveF
#28

Perhaps an option at install? Let the user pick what they want.

1) Use DHCP assigned.
2) Use 1.1.1.1, 8.8.8.8, 9.9.9.9 etc. While letting people know that they are probably going to be logged
3) Use NextDNS / others but let people know about possible performance issues / blocking
4) User configured DNS servers.
5) Install BIND and let them know about the bloat that comes with it.

Look, Dave just dumped a couple of weeks of programming and testing on someone :-)

-Dave

ETFbitcoin
Legendary
Activity: 1988
Merit: 3111
NotYourKeys.org - Not Your Keys, Not Your Bitcoin
September 14, 2021, 11:41:24 AM
#29

From a privacy perspective, the assumption should be held that all providers retain logs even when they say they don't.

I get the point, but I would rather choose a DNS that might keep logs on you (but the privacy policy/their website still respects your privacy) than a DNS that obviously keeps logs.

MagnumOpus3k
Copper Member
Newbie
Activity: 27
Merit: 61
September 15, 2021, 02:32:40 AM
#30

Perhaps an option at install? Let the user pick what they want.

1) Use DHCP assigned.
2) Use 1.1.1.1, 8.8.8.8, 9.9.9.9 etc. While letting people know that they are probably going to be logged
3) Use NextDNS / others but let people know about possible performance issues / blocking
4) User configured DNS servers.
5) Install BIND and let them know about the bloat that comes with it.

Look, Dave just dumped a couple of weeks of programming and testing on someone :-)

-Dave



Thanks Dave :D For the sake of finalizing the image, I've reverted the configuration and commented out DNS services Quad9, Cloudflare and NextDNS. Users may configure at their discretion.

MagnumOpus3k
Copper Member
Newbie
Activity: 27
Merit: 61
September 15, 2021, 02:36:15 AM
#31

From a privacy perspective, the assumption should be held that all providers retain logs even when they say they don't.

I get the point, but I would rather choose a DNS that might keep logs on you (but the privacy policy/their website still respects your privacy) than a DNS that obviously keeps logs.


For sure, until we can come up with a method of simplifying this on a user-friendly basis, I've reverted these changes back to default. I think this is an area in which it would be hard to satisfy the needs and the wants of specific users.