Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Discussion
Re: bitBuntu LiveCD R2
by
N0
on 15/04/2013, 09:13:30 UTC
Your completely missing the point .

YOU SHOULD NOT TRUST MY DISTRO

But you probably shouldn't trust your tools that much.
since this distro is manly intended to offline use.
it will have either to rewrite the tools it using to generate known addresses instead of random ones.
or it will have to manipulate your hardrive installing a trojan or root kit on your normal OS that will steal your wallet
you use on your computer.

validating your hard drive integrity is not trivial but not that hard to do.
and you already said you can validate the tools you use.
so if you do both this processes, you will get a much more trusted liveCD then any non bitcoin related liveCD
since you validated it and the tools installed. unlike ubuntu live cd where you have to install all your tools on each
boot (and how do you know they haven't changed ? or that you can trust your connection ?) or a persistent usb stick who might be tempered or just updated with untrusted new versions.

I think it will be much more worthy and maybe even less difficult. for an attacker to hack bitaddress.org github account and servers (I don't know about bitaddress servers but github had security issues in the past and probably will have in the future) and just catch a few days ride on there servers.
then to build a tempered liveCD who might have at best a few hundred users ( building a normal liveCD was quite trivial and took me about a week, but the time it would take to make a tainted one will probably be weeks or months and will probably require a team of strong hackers so it will be able to pass various verification process, and it will probably be caught quite fast because whoever will test it will know what to look for)

but I don't really care if you use it or not.
I made this CD in the favor of the community, and I don't have any gain out of it (except felling good about myself that people use my software and hopefully get some donations to keep my work but up until now it didn't even cover 1/100 of the cost and I doubt if it ever will) .
But you are not giving any service for the community by scaring people of. you are only sending them to what is surely a much more dangerous software not because they cannot trust the authors of the software but because most of them don't know shit about security like ssl and probably have an OS that is full of Trojans and backdoors).

So as I wrote on reddit, if you really want to help the community and newbies coming to bitcoin, assuming you have the technical background test this CD and verify it safe.