Upgrading electrum on tails to 3.3.4

February 26, 2019 at 7:52 am | Posted in Uncategorized | 47 Comments

I see a lot of requests on reddit asking how to install the new version of electrum on tails. So I thought I would create a blog post showing people how to do it. There’s a lot of things you have to type so you might want to copy and paste this into a text file and load it on a USB, so you can copy and paste certain commands back into the commandline.

Currently, the running version of electrum on tails is insecure because it allows nodes to broadcast messages that can potentially be phishing attacks and trick users into downloading malware. Electrum 3.3.3 and above can mitigate such attacks. Currently, the latest version of electrum is 3.3.4, so I’ll write about that.

First off, whenever you make “weird changes” to whatever you are doing, even in general, you should make a backup. This is doubly true if this involves money. My recommendation is to use the tails official backup procedure here: https://tails.boum.org/blueprint/backups/ . There are a actually a couple of ways you can backup tails. If the official article is somehow unsatisfactory, I can do another “how to” article later on this later on.

Ok, now boot to tails. We have to be able to login as “administrator” for what we do, so when we login, press the “+” sign on the bottom left hand of the screen:
tails_login_screen

Then double-click on “administration password” and set the password to any arbitrary password you like. (This, by the way, allows you to execute the “sudo” command which gives your tails account temporary root privileges. This password is forgotten on the next reboot, so it won’t introduce any security problems once we’re done).

Now that we are logged in, we can begin upgrading the electrum wallet. The next  step is to verify the binary’s validity. There are a lot of “scam wallets” going around where people somehow download the wrong binary which then steals money. A hacker can also theoretically hack into the website and change the binary as well. So any binary that is not part of the official tails distribution should be verified that is hasn’t been tampered with. One of the maintainers of electrum is “ThomasV” and his GPG key is here:
https://github.com/spesmilo/electrum/blob/master/pubkeys/ThomasV.asc
gpg signature: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6

Notice the high number of stars in the github page. This means that a lot of people are saying “yep, I like this key”.

Anyway, save the key to your tails distribution. Visit this webpage https://github.com/spesmilo/electrum/blob/master/pubkeys/ThomasV.asc , and highlight the text of the key, right click and press “copy”.

Then open gedit, “paste” the key into gedit:
copy_gpg_key

Then save it as “thomasv.key” in the “Tor Browser” directory.

save_gpg_key

Next, open “tor browser directory”:

selecting_tor_browser

in nautilus and double click the key. This will import it:
double_click

Once it’s imported, you have to then “sign” the key. By signing the key, one of the things you are doing is indicating “I trust this key as valid and I made sure that it’s owned by the actual ‘ThomasV’ in question.” You can verify this by comparing the signatures with people who you know have the correct key. The particular github account we got our key from is heavily starred and the file hasn’t been altered since Sept 2013, so we have a reasonable assurance that it is the real one. I have also personally used this particular key for years with that exact signature, so I can personally attest that signature with the following key is valid:

6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6

There are web-of-trust benefits to signing the key, but I won’t go into that for now. Ok, now let’s sign the key. Right click on the clipboard thing on the upper right hand corner of the screen click on the “manage keys”:
manage_keys

Then scroll down until you find the key you want to sign (in this case ThomasV), right click and press “properties”.
click_properties

From there, you’ll get this dialogue box, so click on the trust tab:
sign_key

We did a reasonable search for the key, so let’s click on “casually searched”, then click the “sign” button:
Screenshot from 2019-03-12 00-25-30

We have now successfully signed the key.  I consider verifying binaries as a very important thing to do in the bitcoin world because there are a TON of scamwallets out there designed to steal your bitcoins. By verifying the binary, we can be rest assured that the binary we are about to download is the official untampered binary.

Ok, now that is done, we can download the binary. Download the AppImage binary and the appropriate signatures from this webpage:
https://electrum.org/#download

Download the AppImage and it’s corresponding signature file:

download_electrum_arrows
electrum_save_link_as

The “AppImage” version of tails is a self-contained version of electrum with all the appropriate libraries and python version encased in one file.  Currently electrum 3.3.4 uses a version of python that the current version of tails does not support (3.12.1). So the AppImage is your only recourse.

Ok, so once you download electrum and it’s signature file, you can verify the signature file as follows. Navigate to the “Tor Browser” directory you were in earlier, and right click the .asc file and click “Open with Verify Signature”.
verify_binary

Once that goes through, it should hopefully give you a “good signature” emblem on top:
good_signature

The “good signature” line shows that the binary has not been tampered with and is safe to put on the system. It was digitally signed by a well-known hacker with a good reputation.

Ok. Next steps. We have to create some folders in some appropriate directories. We do this because tails has an ephemeral filesystem mostly, with only a few key directories that is “remembered” between each bootup. the “Persistent” folder is one of those folders.

So return to the command terminal and type these commands (or copy and paste if you prefer):

sudo mkdir -p /live/persistence/TailsData_unlocked/dotfiles/.local/share/applications
sudo chown -R 1000:1000 /live/persistence/TailsData_unlocked/dotfiles/
mkdir -p /home/amnesia/Persistent/bin/
mkdir -p /home/amnesia/Persistent/conf/electrum/

If the sudo command asks for a password, use the “administrator account” password that you setup when you booted tails.

Ok, next go back to “Tor Browser” window and right click the AppImage files. From there click properties:
right_click_electrum_properties

Click on the permissions tab and click on “allow executing file as program”:
allow_executing_files_in_program

This makes the file “executable” meaning it turns the file into an “app” that tails can run. Then right click and rename file to “electrum.AppImage”.

rename_electrum

Then open the persistent directory:
open_persistent

and drag the “electrum.AppImage” over to “Persistent/bin”

drag_electrum_2

It’s best to be extra cautious about bitcoin wallets, so we are not going to “write over” the old bitcoin wallet, we are going to create another and put it in a separate directory. (Conservatism is an important concept in the bitcoin world). So let’s open your old electrum wallet and copy the seed. You can do this by going to Wallet -> Seed on your menubar and writing it down or saving it to a file in your persistent partition.
electrum_select_seed

seed2

Keep these words in a safe place and don’t give it to anyone! Your seed is a “second layer” of defense in case you somehow screw up the upgrade process. If upgrading your wallet does not work for some reason, you can always re-create a new wallet, type the seed words back in and be able to recover your bitcoins through your seed words. So make sure you don’t lose that seed!

Once we have the words stored in a safe place, let’s go ahead and make the bitcoin icon point to the new version of electrum that we just put on the persistent folder.

Go back to your terminal window and type the following:

gedit /live/persistence/TailsData_unlocked/dotfiles/.local/share/applications/electrum.desktop

When gedit opens, copy and paste the following:

[Desktop Entry]
Comment=Lightweight Bitcoin Client
Exec=/home/amnesia/Persistent/bin/electrum.AppImage -D /home/amnesia/Persistent/conf/electrum/
GenericName[en_US]=Bitcoin Wallet
GenericName=Bitcoin Wallet
Icon=electrum
Name[en_US]=Electrum Bitcoin Wallet
Name=Electrum Bitcoin Wallet
Categories=Finance;Network;
StartupNotify=false
Terminal=false
Type=Application
MimeType=x-scheme-handler/bitcoin;
Actions=Testnet;

Then save.

Go back to your terminal and type:

sudo chmod +x /live/persistence/TailsData_unlocked/dotfiles/.local/share/applications/electrum.desktop

Go to Places -> Computer on the upper left hand corner of the screen. Once it does, Press ctrl-l and type this in the directory:

/live/persistence/TailsData_unlocked/dotfiles/.local/share/applications

visit_electrum_desktop_file

There should be an “electrum” icon there, double click on it then click on “trust” (we verified the binary so we know we can trust it). When the new wallet comes up, go install the electrum wallet like you normally would, but select “standard wallet” and “I already have a seed”.

i_already_have_seed

When the prompt comes up, paste the words of that seed that you entered earlier and click next. When electrum comes on, it should show your old “history of transactions”. Make sure you can see them.

Next, we have to tell electrum to use the tails proxy to communicate. Go to tools -> network in the menu:
select_network

Then click on the proxy tab and tell it to use the “Tor Proxy at port 9050”:
select_tor_proxy

Teboot tails, re-login and click on electrum icon on your menu, it should bring up the new version of tails:

electrum_3_3_4

Send a test transaction to another wallet and make sure it works.

If there are  any errors with this blog post, please leave a COMMENT and I can fix it. 

Why I think “Black Lives Matter” is a stupid movement

January 24, 2018 at 7:39 pm | Posted in Uncategorized | Leave a comment

A picture is worth a thousand words. . .

 

what_black_lives_matter_is_protesting

Tails 3.0 does not download stampnik labels properly

January 19, 2018 at 7:10 am | Posted in Uncategorized | Leave a comment

I do consulting time to time and I’ve encountered two clients with this very same problem. Basically, it seems that tails 3.0 can’t download stampnik labels properly. It downloads a HTML file instead.

Ok, I looked into the problem further, and I see what’s happening. Basically, when stampnik “shows” a label that’s a .png file, it’s not “really” a PNG file, it’s an actually html file with a .PNG extension that, when executed, DISPLAYS a PNG image. Anyway, tails just downloads the straight html file and doesn’t actually execute it, I assume for security reasons. I don’t know of a way to force tails to actually execute the HTML so I found a workaround.

Basically, you have to right click the label image and select “copy image”. The actual image is then stored in the computer’s memory. And then execute this script and it will write label to a file:


import glob
import gtk
import os
import Tkinter
import tkMessageBox

# Find the name of the label
def def_file():
"""
Return default file name
"""
files = glob.glob("/home/amnesia/Tor Browser/lbl_???.png")
if len(files) < 1:
return 'lbl_001.png'
maxf = 0
for f in files:
try:
n = int(f[30:33])
maxf = max(n, maxf)
except ValueError:
pass
return 'lbl_{:03d}.png'.format(maxf+1)

# Save the label
fname = def_file()
clipboard = gtk.clipboard_get()
image = clipboard.wait_for_image()
if image is not None:
image.save("/home/amnesia/Tor Browser/" + fname, "png")
message = "Postage label saved to file: " + fname
else:
message = "No image in clipboard found"

# Inform user
tkMessageBox.showinfo("Message", message)

If you use this script a lot, you might want to save this “save_stampnik.desktop” file so you can actually double click an icon:

[Desktop Entry]
Name=Save label
Comment=Save label
Exec=/home/amnesia/Persistent/put_your_directory_here/save_label.py
Icon=/home/amnesia/Persistent/put_your_directory_here/save_label.ico
Terminal=false
Type=Application
Name[en_US]=save_stampnik_label

Just putting this out there so other people can benefit. If there are improvements to the code or if anyone else has tips to make the user experience better, comment on my blog and I will update this post.

I actually had to put this sign on my Bitcoin ATM the other day

December 28, 2017 at 1:38 pm | Posted in Uncategorized | Leave a comment

bitcoin_atm

 

A customer came in the other day and put $200 in my BTM – and he only got $40 out. I called CoinCloud and yeah, it was $16 coincloud fee and $144 bitcoin miner fee. And he guy was PISSED. It’s getting to the point where I’m telling people to just not buy bitcoin at all. I just tell them to use litecoin or ethereum or bitcoin cash or something. Anything but bitcoin.

Dear BitAccess: please get off your collective ass and put some other altcoin on your machine other than bitcoin. Bitcoin is stupid now. Ill be happy with anything other than bitcoin.

Bitcoin Core: there is no rational reason why you just can’t increase the block size until lightening kicks in. Please do so because it’s pissing people off, myself included. For the time being, I’m recommending people go elsewhere for transactions.

Thank you.

Tails 3 keeps collapsing the Firefox bookmarks toolbar

November 27, 2017 at 8:59 pm | Posted in Uncategorized | Leave a comment

Ok, this is another problem that I constantly asked about. In Tails 3 and beyond, the bookmark bar annoyingly disappears upon each reboot. The tails support maillist and tails subreddit didn’t have any answers, so I looked at it closer myself.

Ok, it seems that the config file is stored in ./.tor-browser/profile.default/xulstore.json

Exact contents here:

{“chrome://browser/content/browser.xul”:{“navigator-toolbox”:{“iconsize”:”small”},”main-window”:{“screenX”:”90″,”screenY”:”117″,”width”:”1000″,”height”:”571″,”sizemode”:”normal”},”PersonalToolbar”:{“collapsed”:”false”},”sidebar-box”:{“sidebarcommand”:””,”width”:””,”src”:””},”sidebar-title”:{“value”:””}}}

Basically, this is the file that stores your bookmark bar toolbar settings. Take a look at this line:

“PersonalToolbar”:{“collapsed”:”false”}

This should be set to “false”. The funny thing is is that I tried to put the xulstore.json in the “dotfiles” directory, so it remembers the settings. But for some reason, the file gets overwritten by tails on the first loading of tor-browser.

Don’t know how to fix this and the maillists/subreddit are not helping. If someone knows a good workaround/solution, please leave a comment in my blog and I will update this blog post, so other people can benefit.

Electrum is stuck synchronizing in tails

November 26, 2017 at 11:49 am | Posted in Uncategorized | Leave a comment

I do some consulting for some clients from time to time and I notice that a lot of people have this problem. Anyway, this problem seems to be especially prevalent in electrum on tails, as it uses an older version of electrum.

Here’s the deal, older versions of electrum do not support a technology called “RBF” (Replace By Fee). RBF allows you to replace an already submitted 0-confirmation transaction with a replacement transaction that has a higher fee. This is useful if you need to speed up a slow transaction on the network. (Beware of RBF, the sender can double spend the transaction and rip you off!.)

But I digress. . .

Anyway, yeah. Tails 2.7.9 does NOT support RBF transactions, so it gets confused and doesn’t know what to do when it sees it and gets “stuck”. RBF transactions are common with bitcoin tumbling anonymizing service like bitblender. You basically have to upgrade electrum to a newer version that understands RBF.

Here are the steps:
1) Download the electrum binary from the official electrum site, https://www.electrum.org/ . MAKE SURE YOU ARE ON THE OFFICIAL SITE, THERE’S A LOT OF PHISHING SITES OUT THERE.
2) VERIFY THE BINARY. You want to do this just in case a hacker breaks into the site and puts an 0wned verison of the binary on there.
3) Backup the electrum key. in tails, this is under the /live/persistence/TailsData_unlocked/electrum directory. Either back it up in a separate directory, such as /live/persistence/TailsData_unlocked/Persistent/backups/electrum or back it up ona separate USB. Another alternative is to write down the seed on a separate piece of paper and keep that seed safe, away from prying eyes
4) Unpack the binary and put it in folder somewhere that is persistent. Example: /live/persistence/TailsData_unlocked/Electrum-3.0.2
5) Open your “terminal” window and load the binary /live/persistence/TailsData_unlocked/Electrum-3.0.2/electrum and it should run

You can create an icon on your desktop by putting a .desktop file in /live/persistence/TailsData_unlocked/dotfiles/Desktop/electrum.desktop

This is the desktop file that I use:

[Desktop Entry]
Comment=Lightweight Bitcoin Client
Exec=/home/amnesia/Persistent/Electrum-3.0.2/electrum %u
GenericName[en_US]=Bitcoin Wallet
GenericName=Bitcoin Wallet
Icon=electrum
Name[en_US]=Electrum Bitcoin Wallet
Name=Electrum Bitcoin Wallet
Categories=Finance;Network;
StartupNotify=false
Terminal=false
Type=Application
MimeType=x-scheme-handler/bitcoin;

libgconf-2.so.4 error running electron in tails

October 11, 2017 at 10:43 pm | Posted in Uncategorized | Leave a comment

I am experimenting with electron to write some quick and dirty cross-platform apps (I am not a fan of this architecture, but I’ll save that for another blog post) . So I tried to run my electron client on tails, and it gave me this error:

Linux: ./electron: error while loading shared libraries:
libgconf-2.so.4: cannot open shared object file: No such file or directory.

Hmmm. I looked into it further and it seems that libgconf is a needed
dependency on chrome these days. Upgrading from Tails 3.0 to 3.2 somehow
broke this dependency. The library is “there”, but electron is somehow
not seeing it.

Solution: create a symlink to
/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/x86_64-linux-gnu/libgconf-2.so.4
to my electron directory. Apparently, the electron binary looks for
shared libraries starting in it’s home directory. So if you symlink
libgconf-2.so.4 to the electron base directory, it will “find” it.

The tails maillist doesn’t seem to be active anymore and there is no
good support for tails, so I thought I would post this up there just in
case some poor guy runs into the same problem I ran into.

Bitcoin market cap will easily be worth in the trillions of dollars

September 10, 2017 at 9:40 am | Posted in Uncategorized | Leave a comment

I have been a big bitcoin proponent for quite some time. The current market cap of bitcoin is currently 70 billion dollars  – a lot of money to me and you but a pittance in terms of the world economy. I often wonder when this growth will slow down. I recently read an insightful post on reddit remarking on how far it can go. Was written by ZenoOnTheMoon, but re-posted here for convenience:

It’s quite easy to imagine a 2.6 trillion dollar market cap for bitcoin.

The current market value of Gold is 6.5 trillion dollars. The gold used in industry, jewelry and grills accounts for somewhere between 5 and 10 percent of the total supply, The rest of it’s value is essentially speculation on it’s ability to store value.

The perception of gold’s ability to store value, I would argue, is fundamentally based on 2 things. First, it’s relatively scarce, and second, it’s historical precedence as an accepted form of money.

To contrast this first point, scarcity, with bitcoin, I would argue that bitcoin’s scarcity is much more assured than gold’s. It’s assured digitally, in fact. Gold’s scarcity is assured only based on the fact that people think most of the easy-to-mine gold in the world has been found and mined.

To contrast the second point, historical precedence, with bitcoin, i would argue that historical precedence always gives way to technical advance. Unless there’s a mad-max scenario, the world is not going to go back to using precious metals as money. The conveniences brought about by the technological advance of bitcoin, in particular it’s uncounterfeitability, it’s perfect fungability, and it’s almost non-existent friction, are just too many.

So, the mad-max scenario aside, bitcoin could take a huge portion of that 6.5 trillion dollar gold market.

But bitcoin really goes beyond this. It’s a currency that has purposefully combined the most desirable properties of gold, and the most desirable properties of fiat (which i admit, there are not many!). Why on earth would it NOT dominate the currency market? Everything else being equal, exactly who would choose to save their money in a currency that not only could be slowly inflated into oblivion, but also had an undeniable historical precedence for being inflated into oblivion?

There are four trillion dollars changing hands every day in the forex markets. Hundreds of billions of which is just people speculating on which government is going to debase their currency fastest.

There’s at least 40 trillion dollars (USD equivalent) in government issued fiat currency, in the world, plus 7 trillion dollars worth of precious metals. Is it realistic that the greatest form of money the world has ever seen will have a 2.6 trillion dollar market cap? No, that figure is WAY TOO LOW.

It is going to crush the fiat currency markets and precious metals markets like the internal combustion engine crushed the horse and buggy, and talking about the dollar value of bitcoin will be as cute and antiquated as measuring how powerful a car’s engine is in terms of horses.

The Unabomber’s take on SJWs

September 5, 2017 at 9:38 pm | Posted in Uncategorized | Leave a comment

Every now and then I read something that completely encapsulates how I feel about a particular subject. The Unabomber just described SJW’s perfectly:

12. Those who are most sensitive about “politically incorrect” terminology are not the average black ghetto- dweller, Asian immigrant, abused woman or disabled person, but a minority of activists, many of whom do not even belong to any “oppressed” group but come from privileged strata of society. Political correctness has its stronghold among university professors, who have secure employment with comfortable salaries, and the majority of whom are heterosexual white males from middle- to upper-middle-class families.

13. Many leftists have an intense identification with the problems of groups that have an image of being weak (women), defeated (American Indians), repellent (homosexuals) or otherwise inferior. The leftists themselves feel that these groups are inferior. They would never admit to themselves that they have such feelings, but it is precisely because they do see these groups as inferior that they identify with their problems. (We do not mean to suggest that women, Indians, etc. ARE inferior; we are only making a point about leftist psychology.)

14. Feminists are desperately anxious to prove that women are as strong and as capable as men. Clearly they are nagged by a fear that women may NOT be as strong and as capable as men.

15. Leftists tend to hate anything that has an image of being strong, good and successful. They hate America, they hate Western civilization, they hate white males, they hate rationality. The reasons that leftists give for hating the West, etc. clearly do not correspond with their real motives. They SAY they hate the West because it is warlike, imperialistic, sexist, ethnocentric and so forth, but where these same faults appear in socialist countries or in primitive cultures, the leftist finds excuses for them, or at best he GRUDGINGLY admits that they exist; whereas he ENTHUSIASTICALLY points out (and often greatly exaggerates) these faults where they appear in Western civilization. Thus it is clear that these faults are not the leftist’s real motive for hating America and the West. He hates America and the West because they are strong and successful.

While I disagree with the unabomber on a some obvious key points, his manifesto does make for good reading.

“Getting Things Done” review

November 28, 2014 at 4:18 pm | Posted in Uncategorized | Leave a comment

Getting Things Done

Here’s a book I really, really liked. I read it three times, even. Called “Getting Things Done” by David Allen and it’s basically a workflow management book that bills itself as “stress free productivity”. One of the basic premises of the book is that giant to-do lists are ineffective and ends up being counter-productive over time. This is because the list gets unwieldy and intimidating with time and there is no easy way to harness the information in it. The book argues that one of the reasons people get stressed out so much is that really don’t have a good mental grasp on what is being worked on and, more importantly, what is knowingly NOT being worked on.

To sum it up, GTD is basically a collection/implementation system that organizes your to-do’s, events, and objects in your life in such a way where you can can have a better grasp on what is going on. This is done by having a good collection process, breaking up todo items into their own contexts (“at work”, “phone calls”, “out in the field”) and thinking in terms of the “next action level”, not the project level. The “next action” is basically defined as “the next little step to move this project forward”. While this may seems obvious to most, “next actions” are actually (and surprisingly) not done by most people in the real world. People tend to have no concrete notion of what the next step is, they tend to think in larger chunks. “Get oil change in car” is too amorphous. “Calling around and ask what the best deal” is something more concrete. Humans need to get into this habit.

GTD is a bottom-up system, rather than a top-down one. The results of your next action steps determine how you handle the enclosed project. And the results of your projects allow you to re-evaluate your “one level up” areas of responsibility. This creates a system that is adaptive to changing conditions so you can better go with the flow. It eschews formal “big design up-front” planning in favor of informal planning and adaptability.

A bird’s eye view of the process is as follows:

Workflow chart

This workflow system helps you understand a) what you have to do, b) what you NOT have to do at this point in time, and 3) how to view the system in a way where prioritizing is obvious. A regular review of the system is one of the key points in the system, and should be done on a weekly basis.

Personally, I use the emacs org-mode to manage and take care of the system. org-mode is excellent for viewing/managing lists in different context (check out org-mode and org-mode agenda!)

Finally, the thing I like about the book was written from a practitioner’s point-of-view, not an academic. It’s a real world system that has been refined over decades. The book is easy to read and avoids academic jargon with lots of insightful tidbits and practical advice. To an entrepreneur who has to wear many hats during the course of his workday, this book is a blessing.

Next Page »

Blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: