Nostr Web Client

#Linux for Bitcoiners. 🐧🐧🐧

1. Enable the firewall. This limits all incoming connections, forcing you to explicitly allow connections (ex: incoming Bitcoin core peers) as they're needed.

2. Install and enable Opensnitch, an application firewall that limits all outgoing connections, forcing you to explicilty audit every binary's attempt to communicate out to the internet. This will make visible all the network traffic on your machine and snitch on programs

3. Install and periodically scan for malware usijf clamav, rkhunter, and chkrootkit. This will give you a sense of whether your machine has been pwned by a known exploit.

4. Use a minimal Linux distro like Zorin Lite. Remove all unused apps. Install needed apps through Snap/Flatpak (built in). Install OS with full disk encryption enabled.

5. Neuter hardware backdoors in your BIOS by flashing your machine with Libreboot or Coreboot. For extra bonus points, install HEADS to cryptographically detect evil maids.

6. Dump Firefox LibreWolf. Use Tor when anonymitiy is needed. Use LibreWolf + Mullvad/iVPN when a whitelisted IP is needed.

7. Isolate your #Bitcoin usage (savings) to a dedicated machine away from your daily driver. Consider running your entire Bitcoin stack (node+coordinator) enclosed on one machine. If leaving machine on to sync blocks, use Sparrow to keep your wallet encrypted at rest.

Reply to this note

Please Login to reply.

Discussion

captjack 🏴‍☠️✨💜 2y ago

hadcore way huh😂

Laser 2y ago

Not for your life savings!

udon 2y ago

We also have to find a keyboard which can replace it's cable of minimum length that is properly shielded, when it's sold at good price right?

Ralphy 2y ago

I like it, couple questions:

How do I install libreboot or core boot? I didn’t know you could flash a new bios on a modern thinkpad (t460s)

Any thoughts on brave browser (with all the crptonbs turned off)?

I’ve been on mint for years and like it, think trying to transition to Zorin lite is worth it?

Laser 2y ago

The Libreboot site lists supported hardware. You need a bios programming chip (cheap on Amazon). Freeing your bios is a dorky thing but valuable to learn. Here's a vid that'll give you a sense for it (Mental Outlaw is great) - https://www.youtube.com/watch?v=WyItt8FJWIs

Laser 2y ago

I prefer LibreWolf to Brave; no commercialization or shitcoins, just stripped and hardenered Firefox.

I ran a comparison test a few months ago and saw that both LibreWolf on Linux and Bromite on Android ourperformed Brave in terms of privacy/safety. Forgot which site I used.

Laser 2y ago

Linux Mint is a solid option based on Deb/Ubuntu; for your daily driver I wouldn't change. Pop and Zorin are also great daily driving OSes.

For your dedicated Bitcoin machine I do recommend something slimmer like Zorin Lite.

BitBurn 2y ago

There are x200's on ebay w/o OS's for a couple hundred bucks. This should be fun!

Laser 2y ago

You get it. I have a big stack of ThinkPads.

Relatively Irrelevant 2y ago

What do you use for backups that provides a bare metal recovery option? A free but commercial solution like Veeam Backup and Replication, or something else?

Laser 2y ago

I prefer to run my machines in such a way that nothing critical resides on them. I use ansible to configure them in a uniform way. All critical data is "in the cloud".

GermanHodl 2y ago

Thank you, added to my to do list! #[0]

If(halving >=64) {return 0;} 2y ago

100% Agree ✍🏽

antifragilemoney 2y ago

zapped

Laser 2y ago

ty, sir