Stever's blog

Upgrading electrum on tails to 3.3.4

I see a lot of requests on reddit asking how to install the new version of Electrum on Tails. So I thought I would create a blog post showing people how to do it. There’s a lot of things you have to type so you might want to copy and paste this into a text file and load it on a USB, so you can copy and paste certain commands back into the commandline.

Currently, the running version of Electrum on Tails is insecure because it allows nodes to broadcast messages that can potentially be phishing attacks and trick users into downloading malware. Electrum 3.3.3 and above can mitigate such attacks. Currently, the latest version of Electrum is 3.3.6, so I’ll write about that.

First off, whenever you make “weird changes” to whatever you are doing, even in general, you should make a backup. This is doubly true if this involves money. My recommendation is to use the Tails official backup procedure here: https://tails.boum.org/blueprint/backups/ . There are a actually a couple of ways you can backup Tails. If the official article is somehow unsatisfactory, I can write another “how to” article later.

Ok, boot to Tails. We have to be able to login as “administrator” for what we need to do, so when we login, press the “+” sign on the bottom left hand of the screen:

Then double-click on “administration password” and set the password to any arbitrary password you like. (This, by the way, allows you to execute the “sudo” command which gives your Tails account temporary root privileges. This password is forgotten on the next reboot, so it won’t introduce any security problems once we’re done).

Now that we are logged in, we have to make sure the persistent folder has correct settings. Go to Applications -> Tails -> Configure Persistent Volume:

From there, make sure that the “dotfiles” switch is set to “on” and click “save” button:

Now, we can begin upgrading the Electrum wallet. The next step is to verify the binary’s validity. There are a lot of “scam wallets” going around where people download the wrong binary which then steals money. A hacker can also theoretically hack into the website and change the binary as well. So any binary that is not part of the official Tails distribution should be verified that is hasn’t been tampered with. One of the maintainers of Electrum is “ThomasV” and his GPG key is here:
https://github.com/spesmilo/electrum/blob/master/pubkeys/ThomasV.asc
gpg signature: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6

Notice the high number of stars in the GitHub page. This means that a lot of people are saying “yep, I like this key”. I also recommend searching for this fingerprint on multiple search engines such as DuckDuckGo, Bing, and Google so you can cross-verify and make sure that is the REAL “ThomasV” in question. Don’t trust one particular source for GPG keys, just in case that source gets hacked or is somehow untrustworthy.

Anyway, save the key to your Tails distribution. Visit this webpage https://github.com/spesmilo/electrum/blob/master/pubkeys/ThomasV.asc, and highlight the text of the key, right click and press “copy”.

Then open gedit, which is the text editor to Tails:

Now paste the key, and then save it as “thomasv.key” in the “Tor Browser” directory.

Next, open “tor browser directory”:

in nautilus and double click the key. This will import it:

Once it’s imported, you have to then “sign” the key. By signing the key, one of the things you are doing is indicating “I trust this key as valid and I made sure that it’s owned by the actual ‘ThomasV’ in question.” You can verify the key by comparing the signatures with people who you know have the correct key (googling the fingerprint and verifying with multiple sites helps). The particular GitHub account we got our key from is heavily starred, and a google search shows a lot of references to it, so we have a reasonable assurance that it is the real one. I have also personally used this particular key for years with that exact signature, so I can personally attest that the signature with the following key is valid:

6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6

There are web-of-trust benefits to signing the key, but I won’t go into that for now. Ok, now let’s sign the key.

Click on the clipboard icon, on the upper right hand corner of the screen, and then select “Manage keys”:

When the dialogue box comes up, click on “GnuPG keys” on the left, then scroll down until you find the key you want to sign (in this case ThomasV), right click and press “properties”.

From there, you’ll get this dialogue box, so click on the trust tab and then press the “sign this key” button:

We did a reasonable search for the key, so let’s click on “casually searched”. Also click on “others may not see this signature” for correctness. Then click the “sign” button:

We have now successfully signed the key.

Ok, now that is done, we can download electrum. Download the AppImage binary and the appropriate signatures from this webpage:
https://electrum.org/#download

The “AppImage” version of Tails is a self-contained version of Electrum with all the appropriate libraries and python version encased in one file. Currently Electrum 3.3.6 uses a version of python that the current version of Tails does not support (3.12.1). So the AppImage is your only recourse.

Ok, so once you download Electrum and it’s signature file, you can now verify the signature. Navigate to the “Tor Browser” directory you were in earlier, and right click the electrum-3.3.6-x86_64.AppImage.asc file and click “Open with Verify Signature”.

Once that goes through, it should hopefully give you a “good signature” emblem on top:

The “good signature” line shows that the binary has not been tampered with and is safe to put on the system. This is because we verified that it was digitally signed by a well-known hacker with a good reputation.

Ok. Next steps. We have to create some folders in an a appropriate directory. We do this because Tails has an ephemeral filesystem mostly, with only a few key directories that are “remembered” between each bootup. The “Persistent” folder is one of those folders.

So let’s return to the command terminal and type these commands (or copy and paste if you prefer):

sudo mkdir -p /live/persistence/TailsData_unlocked/dotfiles/.local/share/applications
sudo chown -R 1000:1000 /live/persistence/TailsData_unlocked/dotfiles/
mkdir -p /home/amnesia/Persistent/bin/
mkdir -p /home/amnesia/Persistent/conf/electrum/

If the sudo command asks for a password, use the “administrator account” password that you setup when you booted Tails.

Ok, next go back to “Tor Browser” window and right click the AppImage files. From there click properties:

Click on the permissions tab and click on “allow executing file as program”:

This makes the file “executable” meaning it turns the file into an “app” that Tails can run. Then right click and rename file to “electrum.AppImage”.

Then open the persistent directory:

and drag the “electrum.AppImage” over to “Persistent/bin”

It’s best to be extra cautious about bitcoin wallets, so we are not going to “write over” the old bitcoin wallet, we are going to create another wallet and put it in a separate directory. (Conservatism is an important concept in the bitcoin world). So let’s open your old electrum wallet and copy the seed. You can do this by going to Wallet -> Seed on your menubar and writing it down or saving it to a file in your persistent partition.

Keep these words in a safe place and don’t give it to anyone! Your seed is a “second layer” of defense in case you somehow screw up the upgrade process. If upgrading your wallet does not work for some reason, you can always re-create a new wallet, type the seed words back in and be able to recover your bitcoins through your seed words. So make sure you don’t lose that seed!

Once we have the words stored in a safe place, let’s go ahead and make the bitcoin icon point to the new version of Electrum that we just put on the persistent folder.

Go back to your terminal window and type the following:

gedit /live/persistence/TailsData_unlocked/dotfiles/.local/share/applications/electrum.desktop

When gedit opens, copy and paste the following:

[Desktop Entry]
Comment=Lightweight Bitcoin Client
Exec=/home/amnesia/Persistent/bin/electrum.AppImage -D /home/amnesia/Persistent/conf/electrum/
GenericName[en_US]=Bitcoin Wallet
GenericName=Bitcoin Wallet
Icon=electrum
Name[en_US]=Electrum Bitcoin Wallet
Name=Electrum Bitcoin Wallet
Categories=Finance;Network;
StartupNotify=false
Terminal=false
Type=Application
MimeType=x-scheme-handler/bitcoin;
Actions=Testnet;

Then save.

Go back to your terminal and type:

sudo chmod +x /live/persistence/TailsData_unlocked/dotfiles/.local/share/applications/electrum.desktop

Go to Places -> Computer on the upper left hand corner of the screen. Once it opens, Press ctrl-l and type this in the directory:

/live/persistence/TailsData_unlocked/dotfiles/.local/share/applications

There should be an “Electrum” icon there, double click on it then click on “trust” (we verified the binary so we know we can trust it). When the new wallet comes up, go install the Electrum wallet like you normally would, but select “standard wallet” and “I already have a seed”.

When the prompt comes up, paste the words of that seed that you entered earlier and click next. When Electrum comes on, it should show your old “history of transactions”. Make sure you can see them.

Next, we have to tell Electrum to use the Tails proxy to communicate. Go to tools -> network in the menu:

Then click on the proxy tab and tell it to use the “Tor Proxy at port 9050”:

Reboot Tails, re-login and click on Electrum icon on your menu, it should bring up the new version of Tails:

Send a small test transaction to another wallet and make sure it works.

If there are any errors with this blog post, please leave a COMMENT and I can fix it.

LocalWords: Electrum AppImage

Why I think “Black Lives Matter” is a stupid movement

A picture is worth a thousand words. . .

I actually had to put this sign on my Bitcoin ATM the other day

A customer came in the other day and put $200 in my BTM – and he only got $40 out. I called CoinCloud and yeah, it was $16 coincloud fee and $144 bitcoin miner fee. And he guy was PISSED. It’s getting to the point where I’m telling people to just not buy bitcoin at all. I just tell them to use litecoin or ethereum or bitcoin cash or something. Anything but bitcoin.

Dear BitAccess: please get off your collective ass and put some other altcoin on your machine other than bitcoin. Bitcoin is stupid now. Ill be happy with anything other than bitcoin.

Bitcoin Core: there is no rational reason why you just can’t increase the block size until lightening kicks in. Please do so because it’s pissing people off, myself included. For the time being, I’m recommending people go elsewhere for transactions.

Thank you.

The Unabomber’s take on SJWs

Every now and then I read something that completely encapsulates how I feel about a particular subject. The Unabomber just described SJW’s perfectly:

12. Those who are most sensitive about “politically incorrect” terminology are not the average black ghetto- dweller, Asian immigrant, abused woman or disabled person, but a minority of activists, many of whom do not even belong to any “oppressed” group but come from privileged strata of society. Political correctness has its stronghold among university professors, who have secure employment with comfortable salaries, and the majority of whom are heterosexual white males from middle- to upper-middle-class families.

13. Many leftists have an intense identification with the problems of groups that have an image of being weak (women), defeated (American Indians), repellent (homosexuals) or otherwise inferior. The leftists themselves feel that these groups are inferior. They would never admit to themselves that they have such feelings, but it is precisely because they do see these groups as inferior that they identify with their problems. (We do not mean to suggest that women, Indians, etc. ARE inferior; we are only making a point about leftist psychology.)

14. Feminists are desperately anxious to prove that women are as strong and as capable as men. Clearly they are nagged by a fear that women may NOT be as strong and as capable as men.

15. Leftists tend to hate anything that has an image of being strong, good and successful. They hate America, they hate Western civilization, they hate white males, they hate rationality. The reasons that leftists give for hating the West, etc. clearly do not correspond with their real motives. They SAY they hate the West because it is warlike, imperialistic, sexist, ethnocentric and so forth, but where these same faults appear in socialist countries or in primitive cultures, the leftist finds excuses for them, or at best he GRUDGINGLY admits that they exist; whereas he ENTHUSIASTICALLY points out (and often greatly exaggerates) these faults where they appear in Western civilization. Thus it is clear that these faults are not the leftist’s real motive for hating America and the West. He hates America and the West because they are strong and successful.

While I disagree with the unabomber on a some obvious key points, his manifesto does make for good reading.

“Getting Things Done” review

Here’s a book I really, really liked. I read it three times, even. Called “Getting Things Done” by David Allen and it’s basically a workflow management book that bills itself as “stress free productivity”. One of the basic premises of the book is that giant to-do lists are ineffective and ends up being counter-productive over time. This is because the list gets unwieldy and intimidating with time and there is no easy way to harness the information in it. The book argues that one of the reasons people get stressed out so much is that really don’t have a good mental grasp on what is being worked on and, more importantly, what is knowingly NOT being worked on.

To sum it up, GTD is basically a collection/implementation system that organizes your to-do’s, events, and objects in your life in such a way where you can can have a better grasp on what is going on. This is done by having a good collection process, breaking up todo items into their own contexts (“at work”, “phone calls”, “out in the field”) and thinking in terms of the “next action level”, not the project level. The “next action” is basically defined as “the next little step to move this project forward”. While this may seems obvious to most, “next actions” are actually (and surprisingly) not done by most people in the real world. People tend to have no concrete notion of what the next step is, they tend to think in larger chunks. “Get oil change in car” is too amorphous. “Calling around and ask what the best deal” is something more concrete. Humans need to get into this habit.

GTD is a bottom-up system, rather than a top-down one. The results of your next action steps determine how you handle the enclosed project. And the results of your projects allow you to re-evaluate your “one level up” areas of responsibility. This creates a system that is adaptive to changing conditions so you can better go with the flow. It eschews formal “big design up-front” planning in favor of informal planning and adaptability.

A bird’s eye view of the process is as follows:

This workflow system helps you understand a) what you have to do, b) what you NOT have to do at this point in time, and 3) how to view the system in a way where prioritizing is obvious. A regular review of the system is one of the key points in the system, and should be done on a weekly basis.

Personally, I use the emacs org-mode to manage and take care of the system. org-mode is excellent for viewing/managing lists in different context (check out org-mode and org-mode agenda!)

Finally, the thing I like about the book was written from a practitioner’s point-of-view, not an academic. It’s a real world system that has been refined over decades. The book is easy to read and avoids academic jargon with lots of insightful tidbits and practical advice. To an entrepreneur who has to wear many hats during the course of his workday, this book is a blessing.

Atlas Shrugged

A dumb person’s idea of what a smart book is

Bright Star

One of my favorite movies:

Which is unusual because i usually hate romance movies. I liked this one though. It’s intelligent people talking about intelligent things.

Occupy LA

I went to Occupy LA on sunday, here’s a picture:

I’d estimate there were 1500 people there or so (possibly more). It’s gotten a lot bigger since I first started going there a few weeks ago. They actually have sections now – a kids section, a medical section, a food section, etc. NoFX played a benefit concert today (which I annoyingly missed), but it’s cool, it’s still a great place to hang out and meet people.

It also turns out the police just evicted everyone yesterday (tuesday night). About 1400 cops made about 200 arrests or so. People stayed anyway. I’m also a bit irked that the lapd got to decide which media outlets got to cover the eviction. What is this, communist china? hhhhhh. I got most of my news from twitter, it ends up being a more accurate source than Big Media anyway. It will be interesting to see what happens. My guess the occupiers ultimately won’t leave. At most, it will reconvene at pershing square or something, no big deal.

That’s it, I’m bringing my tent there next weekend and sleep there. I need to catch up on some reading on some hacker shit and it’ll be best to do it there.

Kelly Bartlett poems

I came across a few poems from a young girl (age 11) a few years back on about.com. “Kelly Barlett” was her nom de plume. I’m putting this out on the internet in the hopes someone knows of her whereabouts. She’s 24 now and I assume she has a blog or something out there. Perhaps she’s even published. If anyone knows who she is, please reply. Her output at such a young age is amazing.

Summer Sprite
by Kelly Bartlett
age last edited: 11

See the delicate hummingbird,
As tiny as a baby’s thumb.
Zooming through the flower garden,
Sipping sweet elixir from each mum.

His exquisite plumage sparkling,
In the summer’s radiant sunlight.
Like wee precious diamonds,
Iridescent colors seem to ignite.

Flitting from flower to flower,
As rapid as the eye can blink.
To each blossom he will zoom,
Delicious nectar he will drink.

A diminutive flying wizard,
Darting sideways and upside down!
Hovering almost stationary,
From morning’s first light to sundown.

What a wonderful acrobatic aviator,
Performing truly Amazing stunts!
To each bouquet he skillfully zips,
Imbibing the sweet juice more than once.

Secret Love
by Kelly Bartlett
Age last edited: 11
Georgia, USA

Why can’t I tell you how I feel?
How much I love and adore you,
This affection I have for you is real.
I know you have these feelings too.

You must be as bashful as I’m.
In class I can feel you staring each day,
But when your eyes meet mine
You become embarrassed and look away.

We talk for hours on the phone,
And time goes by so fast,
When we hang up I feel empty and alone.
I wish our talks could last and last.

When I look in your brown eyes,
I get a funny feeling inside.
You are different from the other guys.
I blush and get all starry-eyed.

At lunch you always sit near by,
But we just make small talk and smile.
Why are we both so painfully shy?
Why do we both live in denial?

Alan Kay on presentations

I have always been an admirer of Alan Kay. In case you don’t know who he is, he’s one of the fathers of object oriented programming. He was also heavily involved in the creation of the graphical user interface back in the 1970’s. Anyway, I wrote to the receptionist of his company asking a question about his presentations and, shock of all shocks, he actually wrote back!

This is what he had to say:

Hi Steve,

Thanks for your kind words. I didn’t use any books to learn how to give presentations (but I most certainly did have to learn!). I was inspired by Seymour Papert who, when I asked him how he was able to be such a great presenter, told me that he had spent two years learning to “write and present to teachers”. This got me going trying to find my own solutions.

I forget what is in that reading list, but there could be a few books about the nature of theater. “The Magic Mirror” by Robert Nathan is a good one. Theater (like most arts, especially the visual ones) is all about trying to answer the question “What do we have to show the audience to get them to ‘remember’ deep things about the subject matter?” It is not about conveying information (and, the pace and short time duration are wrong for trying to teach anything but the most incremental notions).

What we are trying to help them do is get a glimpse of ways of looking at things that have not occured to them, and would be powerful if they were willing to put further effort into doing real learning.

I think the other key (which people do not like to hear) is the amount of prep it actually takes. For a 1 hour talk I never spend less than about 4 hours preparing, and often spend many 10s of hours preparing.

Part of the reason is that I need to do what it takes to reengage me in what the talk is about — what is really important, what is really cool about all this — so when I do the talk what you are hearing is just exactly how excited I feel about the ideas and the ways of looking at them. I never try to fake this.

This reengagement is the key to performing for an audience, and it is something that is familiar to every actor and musician, etc. Otherwise what one is doing is repeating rather than recreating, and it’s the recreation that produces the shared excitement.

Another thing I do which most people don’t is to give my talks in our own dynamic media. Using something like powerpoint is silly when the subject is computing (even those rare occasions when someone actually understands how to use something like powerpoint).

Bottom line: quite a bit of success in giving a talk is directly related to just how much the speaker cares about the audience and how they are trying to help the audience. From this, the learning and prep that the speaker actually needs to do follows pretty straightforwardly.

Cheers,