Gold collapsing. Bitcoin UP.

[notme]

If there are no catastrophic events, the "Internet kill switch" will be a moot issue within three years. There may still be the potential for continental separation, but methods exist for communication even at transoceanic distances without relying on cables or satellites. With geographically diversified mining resources, Bitcoin will be effectively unbreakable at that point.

That is when Bitcoin will start truly eroding gold's position as a monetary asset, after fiat currencies have been proven bettered by crypto.

Now you have brought up an interesting problem: can someone(e.g., superpowerful alphabet agencies) actually manage to exert control on the whole network by manipulating what's being sent through the cables? Maybe when we get all super-rich with bitcoins we need to construct our own submarine fiber systems, secured by quantum cryptography which is resistant to both sabotage and quantum computing.

Well that's the thing. He's talking about radio waves.

Not sure how manipulable those are.

You still have limited range and routers/repeaters.  That's where the network is vulnerable to manipulation.

[1714143145]

1714143145

[1714143145]

1714143145

[1714143145]

1714143145

[1714143145]

1714143145

[vokain]

lasers + satellites 

[cypherdoc]

If there are no catastrophic events, the "Internet kill switch" will be a moot issue within three years. There may still be the potential for continental separation, but methods exist for communication even at transoceanic distances without relying on cables or satellites. With geographically diversified mining resources, Bitcoin will be effectively unbreakable at that point.

That is when Bitcoin will start truly eroding gold's position as a monetary asset, after fiat currencies have been proven bettered by crypto.

Now you have brought up an interesting problem: can someone(e.g., superpowerful alphabet agencies) actually manage to exert control on the whole network by manipulating what's being sent through the cables? Maybe when we get all super-rich with bitcoins we need to construct our own submarine fiber systems, secured by quantum cryptography which is resistant to both sabotage and quantum computing.

Well that's the thing. He's talking about radio waves.

Not sure how manipulable those are.

You still have limited range and routers/repeaters.  That's where the network is vulnerable to manipulation.

i guess the thinking goes that if and when the entire internet is down, the gubmint will have it's hands full trying to bring it back up, let alone trying to take meshnets down.

[thezerg]

lasers + satellites 

To the moon.  And here I would have linked an article about the experimental 100+mB laser link to the LADEE satellite but the site is down because of the USG partial shutdown.  Its amazing how these government computers require constant human intervention whereas my servers run for weeks, even a whole year, without any intervention.  I have visions of uniformed employees running in man sized gerbil exercisers powering these devices...

[cypherdoc]

lasers + satellites 

To the moon.  And here I would have linked an article about the experimental 100+mB laser link to the LADEE satellite but the site is down because of the USG partial shutdown.  Its amazing how these government computers require constant human intervention whereas my servers run for weeks, even a whole year, without any intervention.  I have visions of uniformed employees running in man sized gerbil exercisers powering these devices...

zerg, thanx for keeping us updated.

how hard would it be to graph the results?  we must be close to an all time high?

[notme]

If there are no catastrophic events, the "Internet kill switch" will be a moot issue within three years. There may still be the potential for continental separation, but methods exist for communication even at transoceanic distances without relying on cables or satellites. With geographically diversified mining resources, Bitcoin will be effectively unbreakable at that point.

That is when Bitcoin will start truly eroding gold's position as a monetary asset, after fiat currencies have been proven bettered by crypto.

Now you have brought up an interesting problem: can someone(e.g., superpowerful alphabet agencies) actually manage to exert control on the whole network by manipulating what's being sent through the cables? Maybe when we get all super-rich with bitcoins we need to construct our own submarine fiber systems, secured by quantum cryptography which is resistant to both sabotage and quantum computing.

Well that's the thing. He's talking about radio waves.

Not sure how manipulable those are.

You still have limited range and routers/repeaters.  That's where the network is vulnerable to manipulation.

i guess the thinking goes that if and when the entire internet is down, the gubmint will have it's hands full trying to bring it back up, let alone trying to take meshnets down.

I agree there.  It would be good if bitcoin natively used secure sockets and random ports.  It isn't very susuceptible to manipulating packet contents, but at some point we may want it to be harder to identify bitcoin traffic.

[cypherdoc]

If there are no catastrophic events, the "Internet kill switch" will be a moot issue within three years. There may still be the potential for continental separation, but methods exist for communication even at transoceanic distances without relying on cables or satellites. With geographically diversified mining resources, Bitcoin will be effectively unbreakable at that point.

That is when Bitcoin will start truly eroding gold's position as a monetary asset, after fiat currencies have been proven bettered by crypto.

Now you have brought up an interesting problem: can someone(e.g., superpowerful alphabet agencies) actually manage to exert control on the whole network by manipulating what's being sent through the cables? Maybe when we get all super-rich with bitcoins we need to construct our own submarine fiber systems, secured by quantum cryptography which is resistant to both sabotage and quantum computing.

Well that's the thing. He's talking about radio waves.

Not sure how manipulable those are.

You still have limited range and routers/repeaters.  That's where the network is vulnerable to manipulation.

i guess the thinking goes that if and when the entire internet is down, the gubmint will have it's hands full trying to bring it back up, let alone trying to take meshnets down.

I agree there.  It would be good if bitcoin natively used secure sockets and random ports.  It isn't very susuceptible to manipulating packet contents, but at some point we may want it to be harder to identify bitcoin traffic.

let me ask your opinion and that of the other tech experts here on something runeks said over in Reddit.

that by putting one's wallet inside a VM, it becomes much more secure, if not impossible for a gubmint entering your pc via the VM to get out of it and access your IP address thru the native OS and connected router.  is this accurate?  and does it depend on whether one's network adapter uses NAT or bridged?

i have been assuming this is the case since day 1.

[Adrian-x]

Thinking about it from a user perspective (I'm no programmer) it looks like a VM is way more secure if you always run the VM HD of a removable drive.  You will also have to be more careful to backup more often.

[justusranvier]

that by putting one's wallet inside a VM, it becomes much more secure, if not impossible for a gubmint entering your pc via the VM to get out of it and access your IP address thru the native OS and connected router.  is this accurate?

If you know exactly what you're doing when you set up the virtualized environment and make no mistakes, and if there are no zero-day exploits in your host OS virtualization software, and if whatever method you use to allow the guest OS to talk to the network at large is perfectly anonymous and private, then maybe that's true.

[cypherdoc]

that by putting one's wallet inside a VM, it becomes much more secure, if not impossible for a gubmint entering your pc via the VM to get out of it and access your IP address thru the native OS and connected router.  is this accurate?

If you know exactly what you're doing when you set up the virtualized environment and make no mistakes, and if there are no zero-day exploits in your host OS virtualization software, and if whatever method you use to allow the guest OS to talk to the network at large is perfectly anonymous and private, then maybe that's true.

i know you know what you're talking about so please give us recommendations.  like the NAT vs bridged?  what about Shared Folders?  a no no?  what do you think about VMWare Fusion?

[thezerg]

with a wallet in a VM, two attack vectors exist:

First, through the host computer into the file that backs the file system of the guest.  At this point I would guess that this attack is unlikely in a security through obscurity sense -- because the attacker would have difficulty determining which VM hosted your wallet, have difficulty either downloading the 50GB backing file or parsing the guest file system on the host.  But if the attacker KNEW you had bitcoins, as opposed to a drive-by that just grabs whatever presents itself, it would be much more likely.  A successful attack through the host essentially requires human agent interaction, as opposed to the automated process of searching for a wallet.dat file...

Second, into the VM directly.  It is assumed that you are running your wallet in the VM to isolate it.  So the attack surface is much smaller than the host, hopefully uses a less popular OS (AKA Linux), and is reduced functionality both in the programs you are running and the ports that are open.  Don't be surfing random bitcoin info (with a little "present") sites in a browser inside your guest computer!!!

WRT your question:

If an attacker is in your VM, it would very easy to figure out your IP address.  Just send a UDP packet somewhere.  Your home gateway is not set up to filter outgoing packets, but it will rewrite the "from" IP address during NAT traversal.  Better to stop people from getting in in the first place (see above).  But if you were a programmer, you could for example, modify the virtualbox or xen networking layer to only route through TOR.  But justus is correct, this would be susceptible to an attack through the rather large host/guest interface layer.  If you are really that paranoid, better to route all traffic through a single home-brew router that pushes everything (it lets through) into TOR and have router's setup and control be inaccessible except through console.

your other question: any technology capable of traversing the NAT between your home or office network and the rest of the internet is inherently capable of traversing the NAT between the host and guest.

PPS: doing your normal banking on a similarly isolated linux VM is also a pretty good idea... and it has the added bonus that a typical laptop thief won't check your browser history inside the VM for your bank info.

[cypherdoc]

 A successful attack through the host essentially requires human agent interaction, as opposed to the automated process of searching for a wallet.dat file...

i assume an automated attack coming from the host for a wallet.dat would turn up nothing even with the VM open?

an even simpler question, encryption doesn't help an open VM, correct?

[thezerg]

 A successful attack through the host essentially requires human agent interaction, as opposed to the automated process of searching for a wallet.dat file...

i assume an automated attack coming from the host for a wallet.dat would turn up nothing even with the VM open?

an even simpler question, encryption doesn't help an open VM, correct?

In theory the agent on the host could have code that understands the linux file system and accesses it directly through the VM's disk image file which is on the host.  But in practice this isn't going to happen today.  Because that ability (accessing Linux file systems in windows) would be pretty valuable as a real product...

[miscreanity]

Qubes OS may be of interest.

[manfred]

do
{
         cout<<"Gold down.  Bitcoin UP";
}
while (bitcoin < Googol);

[justusranvier]

i know you know what you're talking about so please give us recommendations.

I know enough to doubt my own ability to pull it off, although I do attempt to use virtualization to sandbox all my network-facing applications.

I have a workstation which I turned into a VM host system.

Instead of using a dedicated router, I plug my cable modem directly into this system, but the host doesn't talk to the modem directly. I run a Linux system in a VM which serves as the router/firewall.

That VM directs traffic onto a virtual DMZ network, where the other VMs which run services like Tor, I2P, Freenet, Bitcoind, and an OpenVPN client are able to send and receive packets directly over the ISP connection.

Behind the OpenVPN client is another virtual network where the VMs which are public-facing but which I do not want to see my ISP-provided IP address run (like Bitmessage). One of these VMs is also an internal firewall that allows the physical lan to access the internet via the VPN.

I've also got dedicated virtual networks for Tor and I2P communication.

I do ingress and egress packet filtering at the VM level and at the host level using iptables and ebtables.

In spite of all that, I'm not convinced that it's possible for me to fully contain the damage a compromised VM could cause.

[notme]

i know you know what you're talking about so please give us recommendations.

I know enough to doubt my own ability to pull it off, although I do attempt to use virtualization to sandbox all my network-facing applications.

I have a workstation which I turned into a VM host system.

Instead of using a dedicated router, I plug my cable modem directly into this system, but the host doesn't talk to the modem directly. I run a Linux system in a VM which serves as the router/firewall.

That VM directs traffic onto a virtual DMZ network, where the other VMs which run services like Tor, I2P, Freenet, Bitcoind, and an OpenVPN client are able to send and receive packets directly over the ISP connection.

Behind the OpenVPN client is another virtual network where the VMs which are public-facing but which I do not want to see my ISP-provided IP address run (like Bitmessage). One of these VMs is also an internal firewall that allows the physical lan to access the internet via the VPN.

I've also got dedicated virtual networks for Tor and I2P communication.

I do ingress and egress packet filtering at the VM level and at the host level using iptables and ebtables.

In spite of all that, I'm not convinced that it's possible for me to fully contain the damage a compromised VM could cause.

This should be a fairly thorough setup, as long as the host remains uncompromised.

A successful attack through the host essentially requires human agent interaction, as opposed to the automated process of searching for a wallet.dat file...

i assume an automated attack coming from the host for a wallet.dat would turn up nothing even with the VM open?

an even simpler question, encryption doesn't help an open VM, correct?

In theory the agent on the host could have code that understands the linux file system and accesses it directly through the VM's disk image file which is on the host.  But in practice this isn't going to happen today.  Because that ability (accessing Linux file systems in windows) would be pretty valuable as a real product...

It would be trivial to mount a VM disk image and scan it for wallet.dat's.  Also, if the VM is running, it is possible for code on the host system to read passwords from the VM's memory.

VM's are never protected from the host.

[justusranvier]

This should be a fairly thorough setup, as long as the host remains uncompromised.

I assume that zero day exploits exist for every OS kernel, so that's always a possibility.

[cypherdoc]

so am i, or am i not, obscuring a BTC transaction's IP address when running a wallet from a VM?

[justusranvier]

so am i, or am i not, obscuring a BTC transaction's IP address when running a wallet from a VM?

When you spend bitcoins in your setup, via what path do those transactions make it to the rest of the network?