Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    bitcoinhodler
    @bitcoinhodler
    If your Setup PC cannot boot 16.04.5 then I would seek help from Ubuntu channels
    (I meant 16.04.6)
    iharokus
    @iharokus
    Ok. Thank you so much
    bitcoinhodler
    @bitcoinhodler
    I've tested Glacier v0.94 with Bitcoin Core v0.19.0rc1 and it works without issues.
    iharokus
    @iharokus
    It means, no need to update current v0.94 version?
    bitcoinhodler
    @bitcoinhodler
    exactly
    Matt
    @mcsnubbs_twitter
    there is a lot of discuss regarding the test withdrawal process and its tradeoffs considering address reuse. Im curious if instead of doing a test withdrawal on chain, one could use software like coinb.in downloaded to a quarantined computer to generate and sign the transaction to verify the keys without submitting an on chain transaction?
    Jernej
    @jazarija
    Where is this discussion?
    Its kinda hard to instruct users to download a page I guess
    Matt
    @mcsnubbs_twitter
    Ive heard several people discuss the theoretic risks of address reuse including the youtube interview with Livera and Diogo - SLP106 Diogo Monica
    bitcoinhodler
    @bitcoinhodler
    Right now, during the test withdrawal, Glacier is only validating M-of-N keys (instead of all N) anyway (see issue #20 on the github)
    But if that gets fixed, then I think it's safe to verify only that Glacier creates a signed transaction on the quarantined laptops. No need to scan out the QR code at all.
    Bitcoin Dominus
    @bitstalin_twitter
    Can I use raspberry pi 4 with a camera instead of laptop?
    bitcoinhodler
    @bitcoinhodler
    You probably could use a RaspPi if you could get GlacierScript, zbarimg, and qrencode all working on it, but can you physically remove the WiFi & Bluetooth hardware from the RaspPi4? It doesn't look like it to me...which is a big drawback.
    Bitcoin Dominus
    @bitstalin_twitter
    Probably faraday bag might help if it can't be removed..
    hodlwave
    @hodlwave
    Hi Glacier Protocol users, I'd love to get some feedback on my project - Proof Wallet - I've been working on as it's heavily inspired by Glacier
    Twitter thread: https://twitter.com/hodlwave/status/1223780197394190337?s=20
    GitHub page: https://github.com/hodlwave/proof-wallet
    bitcoinhodler
    @bitcoinhodler
    Proof Wallet looks interesting. Can you explain how you validate the cosigner xpubs? I.e., when you compute & display receive addresses, how do you ensure that the real xpubs have not been substituted with an attacker's xpubs?
    hodlwave
    @hodlwave
    Hmmm I guess it depends on where in the process the attack has occurred. If a user running Proof Wallet is unwittingly running a corrupted version of the code, I don't think this is preventable. The receive addresses are computed based on the Wallet object's state using Bitcoin Core's descriptor-based deriveaddresses command. To finalize the Wallet object, a user scans a QR code and then must confirm that the scanned data represents a valid cosigner xpub. Any thoughts on how to make this process more secure?
    bitcoinhodler
    @bitcoinhodler
    Assume only the online computer(s) have been compromised. The online computer prints a QR with all the cosigners' xpubs, right? And then the quarantined computer scans that in. At that point, is the user expected and/or instructed to check that the scanned xpub matches the correct cosigner xpub?
    hodlwave
    @hodlwave
    Yup the user would be expected to have some reliable source of truth for the cosigner xpubs to compare with what is displayed on the quarantined computer (when the xpub is scanned)
    Note I don't have a protocol document written with all of this yet just the code :)
    Trump beats Trump
    @Jagoona2_twitter
    Hi all,
    I try to get in contact with ppl working on the project. E-mails are being rejected: "The email account that you tried to reach does not exist". I work on a "paranoia mode" of the glacier protocol - so how to get in contact with them?
    bitcoinhodler
    @bitcoinhodler
    Glacier is all about paranoia, so good on you! But the official maintainers have all but abandoned the project. I'd recommend alternatives like Casa.
    bitcoinhodler
    @bitcoinhodler
    Though depending on your question, we might be able to help you here.
    hellosa-sa
    @hellosa-sa

    Hey there. I'm setting up Glacier and hit a snag. I'm hoping someone can help me out.

    I'm on page 32 of the PDF, where I am attmpting the verify the integrity of the iso file for Q1 BOOT USB.

    I'm in the $HOME/Downloads folder and enter the following command:

    $ sudo cmp -n `stat -c '%s' ubuntu-16.04.1-desktop-amd64.iso

    The protocol instructions state that I should wait a few minutes, and if all goes well, I will return to my usual command prompt. However, after I enter this command, all that I see is this one character ">", and nothing else happens. No error message, but not my usual terminal prompt either.

    What could be wrong?

    hellosa-sa
    @hellosa-sa
    I can share screen shots of this if that would be useful
    hodlwave
    @hodlwave

    The full command in the PDF is: sudo cmp -n stat -f '%z' ubuntu-16.04.1-desktop- amd64.img.dmg ubuntu-16.04.1-desktop-amd64.img.dmg USB-device-identifier-here

    Are you sure this is what you entered (substituting your own USB device identifier)?

    The “>” suggests you might not have closed the backtick that was opened before “stat”
    By the way, you can break out of the “>” back to the terminal prompt by pressing CTRL+C
    hellosa-sa
    @hellosa-sa

    @hodlwave It looks like you are citing section iv-6 from the MacOS instructions, are you not?

    I'm following the instructions from iii-5 from the Ubuntu instructions.

    I am currently working from an Ubuntu terminated (booted from Setup USB 1) trying to verify the integrity of the Q1 Boot USB.

    Your comment helped me realize that I was missing the trailing ` to close out the command.

    However, now I get a new error when typing the following command:

    $ sudo cmp -n stat -c '%s' ubuntu-16.04.1-desktop-amd64.iso

    cmp: missing operand after '1513308160'
    cmp: Try 'cmp --help' for mor information.

    bitcoinhodler
    @bitcoinhodler

    Your command is incomplete. Perhaps the pdf has formatting issues. On the website I can see the entire command:

    $ sudo cmp -n stat -c '%s' ubuntu-16.04.1-desktop-amd64.iso ubuntu-16.04.1-desktop-amd64.iso USB-device-identifier-here

    Gitter has formatted that funny. The grey part is supposed to be surrounded by backticks
    So the missing operand it's complaining about is the ubuntu-*.iso filename, plus the USB device identifier after that
    hellosa-sa
    @hellosa-sa
    thanks. Yeah, but PDF is cut off. Can you link me to what you are looking at? It's concerning that my pdf does not match the information you see
    Yes, the pdf has been in bad shape ever since the then-new maintainers did a very sloppy and incomplete doc format conversion almost two years ago. See GlacierProtocol/glacierprotocol.github.io#7
    I actually can't recommend Glacier anymore. It's all but abandoned.
    hellosa-sa
    @hellosa-sa
    Well shit. I ordered $1000 worth of stuff to get this set up. What’s better?
    bitcoinhodler
    @bitcoinhodler
    I still use Glacier, but I understand it thoroughly and use my own modernized version
    Because I haven't found anything as serious
    There's a lot of other systems in development but nothing that I would say is production-ready. Most of them use hardware wallets instead of quarantined laptops
    If you want to use Glacier I'd recommend you print the pdf from 0.91 (the last release by the original authors) and refer to that most of the time, except where there are updates.
    I know, that's messy.
    I still use my printout from 0.90, plus some penciled-in edits
    hellosa-sa
    @hellosa-sa
    Thank you. The command worked fine after I entered is as you have it above. I will download v0.91 and proceed. It's too bad this project has been abandoned. It feels like the most secure solution I have found, as a non-technical person, without having to rely on a third party (like casa).
    hellosa-sa
    @hellosa-sa
    Also, this feels like a dumb question, but how do I find version 0.91 to download? I spent the last 15 minutes searching and couldn't find any older versions.
    bitcoinhodler
    @bitcoinhodler
    Glacier is designed for high-value personal storage. It's not smart to advertise that you're interested in such a system. Hence most Glacier users reasonably wish to remain anonymous.
    But a system like this really needs a public face, with a reputation to uphold, as maintainer. That's been hard to find.
    hellosa-sa
    @hellosa-sa
    Makes sense. I really appreciate you taking the time to answer my questions.