Month: November 2013

Ultimate n00b guide to Bitcoin client installation and security/cold storage!

I previously submitted a thread which you can find here with a video tutorial to use the very robust Armory bitcoin client.

But for this submission I will provide the instructions to use Electrum BTC client which provides “Instant on” (your client does not download the blockchain, it uses a remote server).

This will show you how to configure a “watch-only” seedless wallet so that you can receive payments and see your balance on a computer connected to the Internet, while ensuring that a hacker cannot spend your coins: every transaction must first be “approved” (signed) on an OFFLINE computer, after which you return it to your online computer and broadcast it on the network. If you’re confused, don’t worry, just follow along.

Instructions:

Get an offline computer. This can be a physical device or a separate installation on your current computer. Security tip: Here’s one method on how to disable USB auto run on your offline computer, so that a malware infected USB drive cannot spread its infection.

[Offline PC] Install Electrum via a USB-Key. Here is the download link.

[Offline PC] Create a new wallet. Write down the seed and memorize it, after which you should probably destroy the seed or keep it safe in a fire/waterproof lockbox. Password-encrypt your wallet using a passphrase created with diceware for utmost security.

[Offline PC] Import/Export and copy your “Master Public Key” and put it in a text file on your USB-Key.

[Online PC] Install Electrum and select Restore in the dialog box shown on the first start up, use the “Master Public Key”.

You now have an online wallet where you can check your balances and give out new addresses, but you can’t spend the coins. So if an attacker were able to take over your online computer, your coins can’t be lost.

To make a transaction (to spend your Bitcoins) do the following:

[Online PC] Go to the send tab and make a transaction. Instead of sending it, Electrum will detect a seedless wallet and query for a location to save the transaction. Select your USB-Key.

[Offline PC] Go to Settings -> Import/Export -> “Load raw transaction”. Select your transaction from the USB-Key. It will detect it’s not signed and will prompt you to do so now. Fill in your password and sign the transaction. Save the new, signed, transaction to your USB-Key.

[Online PC] Go to Settings -> Import/Export -> “Load raw transaction”. Select the signed transaction and it will ask you if you want to broadcast it.

Hope you all found this helpful 🙂 Also if you are uber n00b please take the time to check out the FAQ which is also found on the right hand side of this blog.

Protecting your data: survey indicates that with 4 exceptions major companies fail miserably

With so much recent concern about how the NSA and GCHQ (and, likely, others) basically look at unencrypted traffic as an easy way to hack into your data, it’s becoming increasingly important for the big companies which manage tremendous amounts of the public’s personal data to encrypt as much as possible. The folks over at the EFF have now put together a sort of crypto report card on which major companies are actually encrypting everything they can.

The results are a little disappointing. Only four companies, Dropbox, Google, SpiderOak and Sonic.net, got a perfect score on the five categories measured. Twitter is pretty close (and the only thing it’s missing, STARTTLS, really would only matter if it were offering email, which it doesn’t, other than to employees) while the rest still have a fair bit of work to do. For the die-hard cloud users and Facebook fanatics, it involves you taking responsibility for your own security and crypto keys, which maybe is too much to ask. That’s why Encrypting Facebook is a start, or Encrypting cloud storage. The incumbent access providers AT&T, Verizon and Comcast don’t appear to care nearly enough about security at all. And lots of free apps and cloud services started appearing, some with CIA funding (InQTel), offering storage of business data, video and IP surveillance: exactly the sort of thing the NSA wants to grab in a 5 eyes jurisdiction with a cooperative management. That’s why it’s little surprise that the NSA’s deals with at least AT&T and Verizon are a major source of information.

Hopefully this effort (and the ongoing concerns about the NSA, as well as outside hacking) leads more companies to up their encryption game.

What are the implications of the recently leaked draft of the TPP intellectual property rights chapter?

First it is a draft text. Negotiations like these go through dozens if not hundreds of draft texts. Each one can change things drastically – or just be updated punctuation. This could be one which has been tossed, or one which is about to be released as the official version. No way to know really from what I’ve seen.

Second, these treaties often have a huge amount of leeway. This allows Pro-Copyright parties to claim victory and Anti-Copyright Parties to claim the sky is falling. An example of this might be text which states “And the Government shall take all reasonable actions to enforce the Copyright Provisions laid out in the above.”

A reasonable action would vary from state-to-state. In Canada, for example, jail time for copyright infringement is unlikely to be found constitutional (IMO). More likely the punishment wouldn’t vary much from the current laws in Western Countries – these sections are mostly aimed at Africa/Third world places where infringement is rampant and no controls are enforced. It also “sets the bar” for countries looking to join the TPP by providing some guidelines to work by.

The biggest implication is that Copyright laws may be extended so that works gain even more copyright protection. Twitter as example is (unlike most of the other assertions) broadly correct that copyright at this point is a harmful mechanic in society. Without getting into a rant, TPP or similar treaties all generally see an alignment “upwards” of standards within member nations. A good example of this is Canada, when it signed a Free Trade Agreement with the EU, added two years of Patent protection to medicine so that it and the EU were the same. You could expect similar provisions within the TPP to avoid any state undermining others.

This is all very broad, but that is because I wouldn’t get into the sky-is-falling basket until you have a real text in hand. Understand that Governments negotiate in private to avoid this sensation – for example, one provision might look very deadly alone, but your Government may only have agreed to it because you were gaining several other concessions for it which seem mild and garner no attention.

I know you don’t want links, but I would recommend reading the top entry on this blog: http://www.michaelgeist.ca

Michael Geist is a Law Professor at the University of Ottawa and holds a view social media as Twitter would generally agree with. I highly recommend giving it a read as it is relatively brief.

Mark Shuttleworth “Alright, Alright. I’m sorry!”

The Ubuntu issue is complex and hard to pinpoint exactly. I agree with Shuttleworth that the trademark response was blown completely out of proportion. However, I find some things about his apology confusing.

For example, why would Shuttleworth call fixubuntu.com a “sucks” site without even having the courtesy to mention it by name? The name sounds kind of derogatory.

I also should say that I don’t agree with Shuttleworth that vocal non-technical critics of software are wasting time. There’s at least one person behind every software project, and it shouldn’t be considered a bad thing to know about the people and circumstances outside the actual code. If anything, I’d think Shuttleworth would agree with that.

Lastly, it’s a bit peculiar that he didn’t address the elephant in the room: Why Ubuntu’s online search lenses aren’t disabled by default.
