Bitcoin Forum
Author Topic: [LockBox-LBX] Created a Hardened Linux OS for Crypto Hodlers  (Read 539 times)
MagnumOpus3k (OP)
Copper Member
Jr. Member
*
Offline Offline

Activity: 34
Merit: 98


View Profile
September 05, 2021, 07:50:47 PM
 #21


No worries Dave, I think security should always include a solid dialogue and it's a valid point. I'm currently reviewing Technitium DNS Server and will need to perform a bit more research before implementing. I think this may fall along the lines of your request?

Link: https://technitium.com/dns/

Looks promising, will have to look into it too.
It's amazing how much information you leak using public / your internet provider's DNS.
And how many people & places still refuse to use DNS over TLS.

Look, a hardware wallet connected to an encrypted PC connected to an actual cable to the SonicWall router.
And let's go to Coinbase using local ISP's DNS lookup. And now we know you have (or are interested in) crypto.
And since your local ISP probably is not using DNSSEC, who knows if you are really at Coinbase anyway.
Yes, an extreme edge case, but still worth thinking about.

-Dave

You're right.
MagnumOpus3k (OP)
Copper Member
Jr. Member
*
Offline Offline

Activity: 34
Merit: 98


View Profile
September 12, 2021, 10:55:06 PM
 #22


No worries Dave, I think security should always include a solid dialogue and it's a valid point. I'm currently reviewing Technitium DNS Server and will need to perform a bit more research before implementing. I think this may fall along the lines of your request?

Link: https://technitium.com/dns/

Looks promising, will have to look into it too.
It's amazing how much information you leak using public / your internet provider's DNS.
And how many people & places still refuse to use DNS over TLS.

Look, a hardware wallet connected to an encrypted PC connected to an actual cable to the SonicWall router.
And let's go to Coinbase using local ISP's DNS lookup. And now we know you have (or are interested in) crypto.
And since your local ISP probably is not using DNSSEC, who knows if you are really at Coinbase anyway.
Yes, an extreme edge case, but still worth thinking about.

-Dave

Hey Dave,

Just a quick follow up. resolvconf has been installed and the nameservers below have been set to permanent (default):

nameserver: 9.9.9.9 (Quad9) - Main - DNS over HTTPS (aka DoH)
Link: https://quad9.net/news/blog/doh-with-quad9-dns-servers/
nameserver: 1.1.1.1 (Cloudflare) - Fallback - DNS over HTTPS (aka DoH)
Link: https://developers.cloudflare.com/1.1.1.1/encrypted-dns
nameserver: 127.0.0.53 (Local) - Fallback

Technitium looked great, however after a hearty conversation with the team no one liked the idea of this remotely resembling a DNS server :D
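
Added example, not part of the original post or the LBX project: a short Python check of how the glibc stub resolver treats a resolv.conf listing the three servers above, since a `nameserver` line carries only an address and never a transport. The sample file and the function name `audit_resolv_conf` are constructed for illustration.

```python
import ipaddress

MAXNS = 3  # glibc's stub resolver uses at most three nameserver lines

# Constructed sample with the three resolvers named in the post above.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not copied from the LBX image
nameserver 9.9.9.9
nameserver 1.1.1.1
nameserver 127.0.0.53
"""


def audit_resolv_conf(text):
    """Return (servers, findings) for the text of a resolv.conf file.

    Assumes glibc defaults: servers are tried in listed order (no
    'options rotate') and every query is plain DNS on port 53.
    """
    servers, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        # Skip blanks, comment lines ('#' or ';') and other keywords.
        if not fields or raw[0] in "#;" or fields[0] != "nameserver":
            continue
        if len(fields) < 2:
            findings.append(f"line {lineno}: nameserver without an address")
            continue
        try:
            servers.append(ipaddress.ip_address(fields[1]))
        except ValueError:
            findings.append(f"line {lineno}: {fields[1]!r} is not an IP address")
    for pos, addr in enumerate(servers[:MAXNS]):
        if not addr.is_loopback:
            # The file carries only an address, so the transport is cleartext.
            findings.append(f"{addr}: queried in cleartext on port 53; "
                            "DoH/DoT needs a local forwarder instead")
        elif pos > 0:
            findings.append(f"{addr}: local stub listed after a remote server; "
                            "used only if the earlier ones do not answer")
    for addr in servers[MAXNS:]:
        findings.append(f"{addr}: ignored, beyond the first {MAXNS} entries")
    return servers, findings


if __name__ == "__main__":
    for finding in audit_resolv_conf(SAMPLE_RESOLV_CONF)[1]:
        print(finding)
```

On a host running systemd-resolved, encrypted upstream DNS is configured in the resolver itself (for example its `DNSOverTLS=` setting) while resolv.conf lists only 127.0.0.53.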
MagnumOpus3k (OP)
Copper Member
Jr. Member
*
Offline Offline

Activity: 34
Merit: 98


View Profile
September 13, 2021, 03:19:22 PM
 #23

nameserver  1.1.1.1 (Cloudflare) - Fallback - DNS over HTTPS (aka DoH)
Link: https://developers.cloudflare.com/1.1.1.1/encrypted-dns

You're joking, right? I understand Cloudflare is a reliable service, but it's bad for privacy and people report a few websites can't be accessed when using Cloudflare DNS. I would suggest looking for an alternative DNS such as NextDNS, which is used by Firefox.


Hey ETF,


I believe this is indirectly part of that rabbit hole Dave referenced earlier. :D NextDNS is great, however they typically do have more performance issues than their competitors. From a reliability perspective this gets tricky. Some users may also perceive latency or blocklist issues to be issues related to the LBX image itself, hence the call for Cloudflare. This now becomes a question of finding a happy medium or reverting DNS configurations back to default for user configuration. From a privacy perspective, the assumption should be held that all providers retain logs even when they say they don't. I think NextDNS is headed in the right direction, however the best course of action is the use of a solid VPN service. Thanks again for taking a sec to highlight this.
DaveF
Legendary
*
Offline Offline

Activity: 3654
Merit: 6664


Crypto Swap Exchange


View Profile WWW
September 13, 2021, 08:41:44 PM
Last edit: September 14, 2021, 02:16:55 AM by DaveF
 #24

Perhaps an option at install? Let the user pick what they want.

1) Use DHCP assigned.
2) Use 1.1.1.1, 8.8.8.8, 9.9.9.9 etc. While letting people know that they are probably going to be logged
3) Use NextDNS / others but let people know about possible performance issues / blocking
4) User configured DNS servers.
5) Install BIND and let them know about the bloat that comes with it.

Look, Dave just dumped a couple of weeks of programming and testing on someone :-)

-Dave

MagnumOpus3k (OP)
Copper Member
Jr. Member
*
Offline Offline

Activity: 34
Merit: 98


View Profile
September 15, 2021, 02:32:40 AM
 #25

Perhaps an option at install? Let the user pick what they want.

1) Use DHCP assigned.
2) Use 1.1.1.1, 8.8.8.8, 9.9.9.9 etc. While letting people know that they are probably going to be logged
3) Use NextDNS / others but let people know about possible performance issues / blocking
4) User configured DNS servers.
5) Install BIND and let them know about the bloat that comes with it.

Look, Dave just dumped a couple of weeks of programming and testing on someone :-)

-Dave



Thanks Dave :D For the sake of finalizing the image, I've reverted back the configuration and commented out DNS services Quad9, Cloudflare and NextDNS. User may configure to their discretion.
MagnumOpus3k (OP)
Copper Member
Jr. Member
*
Offline Offline

Activity: 34
Merit: 98


View Profile
September 15, 2021, 02:36:15 AM
 #26

From a privacy perspective, the assumption should be held that all providers retain logs even when they say they don't.

I get the point, but I would rather choose a DNS that might keep logs on you (but the privacy policy/their website still respects your privacy) than a DNS that obviously keeps logs.


For sure, until we can come up with a method of simplifying this on a user-friendly basis, I've reverted back these changes to default. I think this is an area in which it would be hard to satisfy the needs and the wants of specific users.
MagnumOpus3k (OP)
Copper Member
Jr. Member
*
Offline Offline

Activity: 34
Merit: 98


View Profile
September 26, 2021, 02:01:17 AM
Merited by dkbit98 (1)
 #27

Original post has been updated to include snapshots and a list of software/application installed on the latest image. I'll be working to tidy up a few more items over the weekend including, distrowatch, website and git. Thanks again for the awesome feedback and I look forward to improving this project with community feedback as we progress.


Special thanks to:

ETFbitcoin
NotATether
dkbit98
ETFbitcoin
DaveF
ABCbits
Legendary
*
Offline Offline

Activity: 3052
Merit: 8069


Crypto Swap Exchange


View Profile
September 28, 2021, 09:28:31 AM
Merited by DaveF (3)
 #28

Even if you want your bundle to become more secure (crypto tasks only), it is better to remove the graphical desktop.

Their user demographic is new Linux users and people who want simplicity. Besides, I wonder how many Linux users remember the command to connect to the internet over WiFi.

Furthermore, simplicity is also an issue for some not familiar with Linux, so packages like eddy are installed by default to help install applications.

DaveF
Legendary
*
Offline Offline

Activity: 3654
Merit: 6664


Crypto Swap Exchange


View Profile WWW
September 28, 2021, 11:19:12 AM
 #29

Even if you want your bundle to become more secure (crypto tasks only), it is better to remove the graphical desktop.

Their user demographic is new Linux users and people who want simplicity. Besides, I wonder how many Linux users remember the command to connect to the internet over WiFi.

Furthermore, simplicity is also an issue for some not familiar with Linux, so packages like eddy are installed by default to help install applications.

It's not just Wi-Fi, it's 100s of things. I might be able to run a complete Linux server from an SSH terminal window from what I know, every time I have to do something with bitcoin from the same window I am looking up what to do since I do 99% of BTC through a GUI. And don't even ask me to try to run something like electrum from a terminal. It would be a google fest to find the answers.

-Dave

MagnumOpus3k (OP)
Copper Member
Jr. Member
*
Offline Offline

Activity: 34
Merit: 98


View Profile
October 01, 2021, 09:27:06 PM
Merited by ABCbits (1), dkbit98 (1)
 #30

Nearing completion of the latest image and should have it available shortly. Please see the list of installed applications below:
Git: https://github.com/StratousLabs/LockBox
Do you have any updates regarding listing LockBox on DistroWatch, because I don't see it listed yet?
If you didn't do it so far you can contact them directly and follow instructions on distribution submission page.
Interesting thing about DistroWatch website is accepting of Bitcoin and Monero donations, along with regular PayPal donations.

Hey dkbit,

Just a follow up, we've been officially listed on distrowatch and paid in BTC of course ;) Thanks again for the suggestion!

https://distrowatch.com/table.php?distribution=lockbox
MagnumOpus3k (OP)
Copper Member
Jr. Member
*
Offline Offline

Activity: 34
Merit: 98


View Profile
October 05, 2021, 01:48:51 PM
 #31

Quick Update - A signed ISO was requested yesterday and is now available via the site. Key and sig are both publicly available via our git.
dkbit98
Legendary
*
Offline Offline

Activity: 2408
Merit: 7559



View Profile WWW
November 17, 2021, 09:32:46 AM
 #32

Just a follow up, we've been officially listed on distrowatch and paid in BTC of course ;) Thanks again for the suggestion!
Nice work, but I didn't know you have to pay to be listed on that website... if it's not a secret can you tell us how much they charge for this?

I see that ISO size is around 3.4 GB but I am wondering what are the minimum system requirements (RAM/CPU) needed for running LockBox Linux, and is it possible to run it on some old laptop computer?

MagnumOpus3k (OP)
Copper Member
Jr. Member
*
Offline Offline

Activity: 34
Merit: 98


View Profile
November 17, 2021, 02:29:04 PM
Merited by dkbit98 (1)
 #33

Just a follow up, we've been officially listed on distrowatch and paid in BTC of course ;) Thanks again for the suggestion!
Nice work, but I didn't know you have to pay to be listed on that website... if it's not a secret can you tell us how much they charge for this?

I see that ISO size is around 3.4 GB but I am wondering what are the minimum system requirements (RAM/CPU) needed for running LockBox Linux, and is it possible to run it on some old laptop computer?


Thanks and sure thing. To be promptly listed and to buy a tiny bit of advertising space was roughly $220. Thought this to be extremely worth it as it also serves as direct support for distrowatch. Also here are the critical specs:


Dual Core 64-bit processor / Intel i3 or Intel i5

8 GB of system memory (RAM)

120 GB SSD


Running on an older laptop with equivalent specs shouldn't be an issue, however the experience may be a bit painful. Running opensnitch and a full node wallet can quickly chew up resources.
dkbit98
Legendary
*
Offline Offline

Activity: 2408
Merit: 7559



View Profile WWW
November 17, 2021, 02:42:38 PM
 #34

To be promptly listed and to buy a tiny bit of advertising space was roughly $220. Thought this to be extremely worth it as it also serves as direct support for distrowatch.
I don't know if there is any better and free alternative website for distrowatch, many people think they are a bit biased with their rankings, meaning if you pay more you get higher on their list and many wonder if MX Linux got on top like that.
Good thing about distrowatch is that they are accepting Bitcoin donations.

8 GB of system memory (RAM)
Running on an older laptop with equivalent specs shouldn't be an issue, however the experience may be a bit painful. Running opensnitch and a full node wallet can quickly chew up resources.
Oh there is no way I could run that on my ancient laptop that has only 1 GB system memory :D

MagnumOpus3k (OP)
Copper Member
Jr. Member
*
Offline Offline

Activity: 34
Merit: 98


View Profile
November 17, 2021, 05:28:45 PM
 #35

To be promptly listed and to buy a tiny bit of advertising space was roughly $220. Thought this to be extremely worth it as it also serves as direct support for distrowatch.
I don't know if there is any better and free alternative website for distrowatch, many people think they are a bit biased with their rankings, meaning if you pay more you get higher on their list and many wonder if MX Linux got on top like that.
Good thing about distrowatch is that they are accepting Bitcoin donations.

8 GB of system memory (RAM)
Running on an older laptop with equivalent specs shouldn't be an issue, however the experience may be a bit painful. Running opensnitch and a full node wallet can quickly chew up resources.
Oh there is no way I could run that on my ancient laptop that has only 1 GB system memory :D

Yeah I thought the process over at distrowatch was great as they did actually perform checks of the LBX image beforehand. We did see a notable bump in traffic after our purchasing ad space for a week for sure. However the true goal of course was to increase exposure and trust. And it was a huge plus they accepted BTC.



As for your laptop, certainly would be frozen on arrival. :D
MagnumOpus3k (OP)
Copper Member
Jr. Member
*
Offline Offline

Activity: 34
Merit: 98


View Profile
November 18, 2021, 05:01:42 PM
 #36

Also here are the critical specs:


Dual Core 64-bit processor / Intel i3 or Intel i5

8 GB of system memory (RAM)

120 GB SSD

Is it the minimum or recommended specification? For a second I thought I read the specification for a modern video game. What makes this distro have a high specification requirement (for example Qubes OS has a high requirement because of hypervisor usage to perform isolation)?

:D Certainly recommended. 4GB of RAM is certainly doable but becomes sluggish once the user gets everything they prefer loaded. Bitcoin Core will utilize roughly 1GB/RAM & OpenSnitch up to 2GB/RAM. Matched with Chromium based browsers and other full node wallets like Daedalus, it quickly becomes a circus. I found 8GB best for overall user experience though not necessary. With regard to the processor, i5 certainly provides a smoother experience.
MagnumOpus3k (OP)
Copper Member
Jr. Member
*
Offline Offline

Activity: 34
Merit: 98


View Profile
November 19, 2021, 03:19:21 PM
 #37

Is it the minimum or recommended specification? For a second I thought I read the specification for a modern video game. What makes this distro have a high specification requirement (for example Qubes OS has a high requirement because of hypervisor usage to perform isolation)?
:D Certainly recommended. 4GB of RAM is certainly doable but becomes sluggish once the user gets everything they prefer loaded. Bitcoin Core will utilize roughly 1GB/RAM & OpenSnitch up to 2GB/RAM. Matched with Chromium based browsers and other full node wallets like Daedalus, it quickly becomes a circus. I found 8GB best for overall user experience though not necessary. With regard to the processor, i5 certainly provides a smoother experience.

You definitely need to mention it's the recommended specification on your page, many people will assume it's the minimum if you only list 1 specification. Adding a note on why 8GB RAM/i5 is recommended is also helpful since I doubt users run all of the applications you mentioned at once.

Great advice ETF. I'll update this immediately and expand further in the future. Thanks again.