[ANN] Peerbox project

*** I recommend using it only for running node ***
for Raspberry Pi only

What is Peerbox?

Intro

Peerbox is created to address security and privacy concerns regarding using cryptocurrencies. Security and quality of Peercoin client (or any Bitcoin based client) is not tested enough and it is taken for granted. Most crypto coins, the other forks of Bitcoin, have wallets that are not being used in the same way as Peercoin’s wallet, that is running 0-24h connected to the Internet. They are mined with specialized software, not linked with wallet, and thus coins are not exposed to attack as they are simply not connected. This kind of cryptocurrencies, the POW ones, are the most popular cryptocurrencies at the moment, and this approach that takes security and privacy for granted just works for most people.

Peercoin however utilizes a process called minting that requires that the wallet is unlocked and then connected to at least 8 peers on the network; each and every one of those peers now knows the IP of the person minting, thus enabling an attack vector. Running a full node is even more risky: now you connect to 20-70 peers with port 9901 forwarded. That means this port, on which the Peercoin wallet is running, is now completely open to anyone on the internet, exposing it to attackers. Knowing this, people tend to avoid minting and risk entire network security by doing so.

One way to solve this is to develop cold-locked minting where coins remain encrypted even if in minting mode. So, they are safe even if an attacker does succeed and hacks the wallet. In my opinion this is not an elegant solution, as it calls for changing the protocol itself and will probably cost a lot of time to develop and properly test. I do admit that it will ease a lot of minds and persuade them to start minting. Peerbox is taking a different approach to this: instead of dealing with Peercoin code and protocol it ensures that the underlying OS is secure and limits possible attack vectors. So, it protects the wallet software and thus indirectly the coins in it.

Thus, this project’s ultimate goal is to provide maximum security platform for minting and running nodes.

Security will be enforced by underlying OS, which will be hardened by default to repel most of the attack vectors.
Secondary goal of Peerbox is to provide plug&play platform for running Peercoin nodes and to allow safe minting as easily as running a wallet software.

Design

Peerbox is designed as an extension to Arch Linux, a well-known Linux distribution which focuses on minimalism and simplicity. An ideal distribution to shape to our needs. What is important, Arch Linux provides a very simple solution for building packages; its PKGBUILD scripts allow anyone to compile the entire OS themselves with ease. Being able to understand the internals of every package and to be able to quickly learn how to make one on your own is very important to avoid centralization of knowledge around one developer or team. Best of all, Arch Linux runs on various hardware, starting from high end servers to simple Raspberry Pi, and everything in between.

Peerbox platform uses some of the well-known security philosophies already used in production servers, like the “principle of least privilege”, limiting every process to as few rights as it needs to run, along with chrooted environments for essential programs. Besides that, the system will use Grsecurity patches for the Linux kernel. Grsecurity is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and mandatory access control (MAC). A major component of Grsecurity is its approach to memory corruption vulnerabilities and their associated exploit vectors, which is extremely important to Peercoin since it is coded in C++, a programming language well known for memory corruption vulnerabilities.

Peerbox pulls packages from the upstream Arch Linux repository and pre-configures them to our needs, with a dedicated package and git repository so anyone can inspect and build packages themselves, and contribute if they notice something is wrong or just feel like there is a better approach. It is very important to have the user understand the risks and dangers involved with crypto currency. We will try to educate our users and explain what they can do to protect their data and privacy in a world that is becoming increasingly hostile to principles of free speech.

Vision

Peerbox will deliver the same experience on all platforms but focus on cheap, energy efficient devices like Raspberry Pi or Beaglebone Black, which are compatible with the general idea of Peercoin in an ecological way. Peerbox primary platforms will be those that are cheap and easy to find, as well as recycled computers and parts. Peerbox will complement Peercoin’s goal of providing an energy efficient cryptocurrency without need for high end components like GPUs or dedicated mining hardware (ASICs). If ASIC is the term for dedicated and energy efficient mining, then this is the ASIC of PoS.

How to use it?

  • It is plug&play actually, download the image/ungzip it and move it to SD card.

Please note that this image is optimized for 2GB sized card, and I don’t see any need to use more space… not in 2 years at least.
The OS itself is very lightweight (and it will become more lightweight) and peercoin’s blockchain also quite small.
Also, I want people to be able to recycle their old SD’s and give them use. This philosophy is part of all this “green” talk around Peercoin, energy saving etc. So, if you have old SD’s lying around, use them.

  • Upon boot, which is quite fast (maybe 15sec on low speed SD card) system will auto-connect to ethernet and request IP from dhcpd server.

Inspect which address is assigned for Peerbox, write it down.

  • Use proper SSH client

I’ve noticed that a lot of people, notably Windows users, use PUTTY for SSH connections.
You should know PUTTY is bad software, there are much better alternatives.
To keep things simple please try one of the in-browser solutions:
(Look for these add-ons in your browser’s extension repository)

Firefox: FireSSH a SSH Client for Mozilla Firefox.

Chrome/Chromium: Secure Shell

Please take a minute to check it out, it is worth it.

  • Login via ssh

You may see something like this, depending on your client:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

This is due to Peerbox making new public keys on first boot, don’t worry about it just accept the new key.

ssh sunny@Peerbox-ip

pass: sunny

I know some of you won’t like that root user is enabled and password is so simple, but I don’t see it as a threat now, since it is usable only within LAN. You can change the password with the “passwd” command.

Yeah, it’s that simple.

  • Check the status of Peerbox:
peerbox-info

It will display classic json-ish output where you can read if it is synced, how many connections, along with raspberry’s serial number.
For more info on this program see dedicated thread: http://www.peercointalk.org/index.php?topic=3313.0

After this please post your opinion and confirm that it is working.


Roadmap:

  • Write detailed description of project, explaining goals and methods.

  • Finish filesystem-peerbox package

  • Package pre-configured firewall

  • Use more optimal filesystem for SD cards, encrypt it

  • Package the blockchain

  • Configure and package linux-grsecurity (http://grsecurity.net/)

  • Add limited user to Peerbox, disable root account.

  • Write grsec rules for ppcoind and other important parts of system

With this release I’ll remove warning to not use Peerbox for minting. By now, Peerbox will be 99% secure.

  • Shave more weight off the system

  • After this, I expect projects based on Peerbox, like user friendly interface and detached with stats, monitoring etc.

THANKS TO:

irritant

  • for donating server and domain / supporting the idea

river333

  • for hearing me out in the first place and supporting the idea from day one

sunnyking

  • for one of the best cryptocurrencies out there

ArchLinuxArm team

  • for bringing the beauty of ArchLinux to arm platform

All the donors on peer4commit

Update 1: added documentation for ppcoind https://dl.dropboxusercontent.com/u/9689469/ppcoind.pdf
Update 2: PKGBLD git repo is now on http://peer4commit.com/projects/92
Update 3: got domain! peerbox.me
Update 4: i686 packages uploaded, please test
Update 5: Uploaded peershares packages
Update 6: Build environment on server is now configured and running
Update 7: First img release!
Update 8: Grsecurity kernel built!
Update 9: Second img released!
Update 10: Third image released!
Update 11: v0.21 released!
Update 12: v0.22 released!
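
The first post ships SSH with a published password and the root account enabled, and its roadmap lists a limited user with root disabled. The script below is an added example, not part of the original post or of the Peerbox packages: it audits an sshd_config for those settings and shows why a hardening line appended to the end of the file can have no effect. The sample configs are constructed, and treating `PasswordAuthentication no` (key-only login) as the target is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit an sshd_config for root login and password login.
# The config contents written below are constructed samples, not Peerbox's files.

# Print the effective *global* value of a keyword, or "unset".
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and everything after a Match line is conditional.
sshd_effective() {   # $1 = keyword, $2 = config file
    awk -v want="$1" '
        BEGIN { want = tolower(want); val = "unset" }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { sub(/=/, " "); key = tolower($1) }    # tolerate "Key value" and "Key=value"
        key == "match" { exit }                 # global section ends at first Match
        key == want    { val = tolower($2); exit }
        END { print val }
    ' "$2"
}

# Report each setting; return 1 if any is not explicitly "no".
audit_sshd() {       # $1 = config file
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        v=$(sshd_effective "$kw" "$1")
        if [ "$v" = no ]; then
            echo "OK    $kw $v"
        else
            echo "WEAK  $kw $v (want an explicit: no)"
            rc=1
        fi
    done
    return $rc
}

# Constructed samples: "appended" adds PermitRootLogin no after an earlier
# "yes" (the earlier line wins); "match_only" disables passwords only inside
# a Match block, so the global value is still unset.
write_samples() {    # $1 = directory
    printf '%s\n' '# shipped-style config' 'PermitRootLogin yes' \
        'PasswordAuthentication yes' 'PermitRootLogin no' > "$1/appended"
    printf '%s\n' 'permitrootlogin=no' 'Match Address 192.168.0.0/16' \
        '    PasswordAuthentication no' > "$1/match_only"
    printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' > "$1/hardened"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in appended match_only hardened; do
    echo "== $f"
    audit_sshd "$tmp/$f" || echo "   -> needs changes"
done
rm -rf "$tmp"
```

On a real system, point `audit_sshd` at `/etc/ssh/sshd_config`; included files and per-Match overrides are outside what this check reads.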

I am very excited about this project. Thanks for getting it rolling so quickly! I can envision this as the beginning of some great innovations such as a secure plug-and-play usb “Peer-dongle” that could really take Peercoin to the masses!

Very good work, the more nodes the better and you are making it very easy.

Thank you peerchemist! Our community really needs inexpensive hardware we can dedicate to safe minting.

Just reading a bit about Archlinux. It looks that the real geeks even get it to run on some Android phones and tablets in some way https://bbs.archlinux.org/viewtopic.php?pid=1121797 Couldn’t figure out if it was dual boot only or whether it would co-exist. It wouldn’t have a GUI though, just the daemon. Would be great to have a minting node on an old Android phone. Something for the geeks to work out I guess.

yay! :pearcoin:

That would be awesome.
I have some very old android phones in my closet. They can even be charged via small photovoltaic array!

bump!

picking up speed :stuck_out_tongue:

  • documentation for ppcoind is out,

  • PKGBLD repo on peer4commit,

  • we have domain (thanks again irritant!)

http://peerbox.me is the new home of the project

So far there is nothing but http://peerbox.me/repo/ over there so I’m inviting peercoiners with web design background to join the project.

For more info see updated post above

First image is almost ready for release, testing showed no bugs and desired plug&play functionality works as expected.

However it will be released tomorrow, leaving me time to tweak ssh settings a bit more for compatibility with outdated ssh clients like Putty.

To get a feeling for how it will look, you can check out git.

rel_1 released into wild!

download @ http://peerbox.me/download/peerbox-img-rel_1.img.gz

And test!

After few weeks of compiling, tweaking, inspecting, compiling again I decided it is time to release it. Enjoy.

See first post to see what’s done and how to use it.

p.s.

I could use a mirror for image, due to slowish connection on the server.

Thank you for this awesome work! Unfortunately, I don’t have a raspi, but I will try to emulate on VirtualBox Qemu and let you know if I run into any issues.

I agree, this is very exciting! Making it as simple as plugging in a small inexpensive device will really help to get more people involved.

To Peerchemist, is there anything you’d like me to announce on Facebook/Twitter/Reddit, for example that you need testers, or would you rather keep this on the down low until it’s finished?

Maybe major announcements when rel_2 is ready, for now I need more people on the project. So maybe you can spread the news that project has started and we are looking for Web designer to design peerbox.me. Few more people would really speed things up.

Posted on Reddit here…

http://www.reddit.com/r/peercoin/comments/28kyww/peerbox_project_secure_plug_play_os_for/

It’s also on Facebook. I’m about to do Twitter as well.

I’ve sent a message to peerchemist regarding my interest in developing a website for the peerbox project.

Hello ppctalk people!

I’m new in the forums and have been ppc mining for about 3 months now, I’m off to a decent start with my hardware and I’m definitely interested in helping the movement of Peercoin as I see it as a solid platform for crypto-currency and I see the benefits and its feasibility into the future beyond Bitcoin.

Oh my, this is VERY exciting.

[quote=“kinkcub, post:15, topic:2485”]I’ve sent a message to peerchemist regarding my interest in developing a website for the peerbox project.

Hello ppctalk people!

I’m new in the forums and have been ppc mining for about 3 months now, I’m off to a decent start with my hardware and I’m definitely interested in helping the movement of Peercoin as I see it as a solid platform for crypto-currency and I see the benefits and its feasibility into the future beyond Bitcoin.[/quote]

That’s great, welcome to the community. I look forward to seeing your website!

Here is a chat with peerchemist that I pulled. It hints toward how large of an effect this project could have on Peercoin…

Sentinelrv: Wow, the Peerbox post I did on Twitter got retweeted and favorited immediately. I don’t think that’s happened for me yet.

Cybnate: It is great, instead of PoW coins going bigger and bigger, Peercoin is going smaller and smaller.

Cybnate: I mean with coin footprint

Sentinelrv: I can imagine people in the future selling inexpensive sleek looking devices like these, where you just plug in and mint.

Sentinelrv: It would make it so easy. No complicated process or step by step guide like we have now.

Cybnate: Your savings account in a tiny box but very secure box earning money

Cybnate: No bank fees etc

Sentinelrv: Is it possible to have it running on your iPhone or Android? Like an app you download?

Sentinelrv: So you didn’t even need to buy a device? Just add it to your phone.

Cybnate: Yes, theoretically it should be possible. The GUI and install process might be the challenge.

Cybnate: I think geeks would be able to make it work by installing it at Linux level on your Android phone. Just need someone interested in doing so as a showcase

peerchemist: @Sentinelrv… about iphone/android. Yes, that is possible (fluttercoin has minting-able wallet for android already) but that is not what Peerbox is meant for.

peerchemist: @Cybnate, linux layer of Android is so limited that almost no feature I implemented in this early beta could not be ported

peerchemist: I want Peerbox to be universal term for all cheap /low-power/ recycled devices that run explicitly peercoin software

peerchemist: if you want minting on Android, we need wallet software not full OS

Cybnate: Got that, was just thinking old recycled Android phones

Sentinelrv: Ah I see, so it would ONLY run the Peercoin software and nothing else.

Sentinelrv: You should make a business around it and sell your own inexpensive device. You’d probably be the first one to the market.

peerchemist: @Cybnate… yes, that could go. Maybe in a while I’ll try to port this into chroot (to run Peerbox on the Android), that stuff is not possible but not optimal

peerchemist: @Sentinelrv… my plan for now is to enable anyone interested to use their devices to run Peercoin node/ personal wallet for minting with little effort

peerchemist: like PoW coins have specialized “mining” linux distributions this would be dedicated OS for minting, safely and easily

peerchemist: the ASIC of PoS

peerchemist: however I’m not satisfied by response of community to this… I think people don’t understand it’s benefit

Cybnate: I think there is a market in itself for repurposing old smartphones. There must be so many out there and this will only grow

Cybnate: ASIC is flash new and expensive hardware, PoS is repurposing old devices and encouraging miniaturisation

Cybnate: And I see what you mean with benefit of dedicated OS regarding security. Security is hard to sell and undervalued. So I think you are on the right track, but people might not fully comprehend the benefits yet

Cybnate: Usually something bad has to happen before security is appreciated

peerchemist: that is what I’m talking about… PoW coins need their high end expensive hardware,… and we can refurbish old devices with this. It is our ASIC

peerchemist: about security, I’m sure I can make it 98% secure for minting even without cold storage minting

Sentinelrv: The ASIC of proof-of-stake. That has a nice marketing ring to it! :smiley:

Sentinelrv: “Peerbox, The ASIC of Proof-of-Stake.” Yeah, I’d say people aren’t realizing how big this could be.

Cybnate: it is like the competition between petrol cars and electric cars. There are more petrol cars and they will be around for a while, but the future is (semi-)electric and most of the innovation will be focussed on that. Guess who wins in the long term

peerchemist: @Sentinelrv, yeah :smiley: The ASIC of proof of stake is what I called it in my original thread :slight_smile:

peerchemist: I’m glad you guys see it

I posted it on Reddit here…

http://www.reddit.com/r/peercoin/comments/28odsx/creator_of_peerbox_os_calls_it_the_asic_of/

This was posted on Reddit, in case it makes any sense to you…

"would be possible to make an ultra secure version? i'm thinking something that cannot be accessed from outside (no ssh, etc...) just the ppc port open. one could put 2 sd cards, one with the OS and one with the wallet."