[ANN] Peerbox project

But are the ppcoind process and the wallet.dat file isolated in a separate environment so that I could run third-party applications that I don’t necessarily trust? I want to be sure that malware can’t steal my wallet file.

With the laptop peerunity stopped, I don't see the uPnP entry

Does Peerbox utilize uPnP? I was under the impression that it does not. I personally don’t trust uPnP and always disable it on my router. You should probably just manually forward 9901 to your raspi.

I think the problem with attempting to run 2 full nodes behind NAT is that all external nodes only seek new connections on port 9901. You can change the listening port of the wallet with the “-port=” switch; however as far as I know there is no automatic way to advertise a custom port to the rest of the network so changing the default port is equivalent to running a “closed” node.

On my router I can do three things with port forwarding: 1) use a port to trigger open other ports. I have set this with using 9901 to trigger open 9901 TCP. You can’t specify which host to forward to. 2) define Demilitarized Zone, which I am not using. 3) turn on or off uPnP. I can see that my laptop has opened skype TCP and UDP, and ppcoin-0.1.0 when peerunity is running.

: I discovered a “virtual server” option in the router which lets me forward a specific port to a specific IP. I set it up but it didn’t help :frowning:

as far as I know there is no automatic way to advertise a custom port to the rest of the network so changing the default port is equivalent to running a "closed" node.

From the firewall interface of antivirus software on my laptop I can see an address with port 80 which Peerunity connected to. I guess peerunity got it from talking to nodes that have the host and port specified in their config files.

ppcoind and wallet.dat are isolated, yes. However, due to the architecture of a Linux system, any process that you run as root will have access to wallet.dat.
This will change soon, as Peerbox will become multi-user.

So I’m in the club now. That was easy.

I have joined the club and set up my peerbox!

the ip address of your peerbox, example: 192.168.1.123

In trying to debug why I only have 8 connections, I run this from a remote machine

telnet <ip-of-my-peerbox> 9901

and successfully connected to my peerbox

Trying <ip-of-my-peerbox>... Connected to <ip-of-my-peerbox>. Escape character is '^]'.

When I pressed return, I can see the LED on the peerbox blinking. It’s very cool 8)

Can I type in some command or just inquiry text from the telnet side to get peerbox answering? Can I use this to debug connection problem?

@mhps

Do not use telnet, that has been obsolete for at least 20 years. I don’t know how you got the idea to use it??

I’m finishing 0.21 image now, final testing :)

That is how we did things. ;D

I'm finishing 0.21 image now, final testing :)

Super.

New: peerbox-raspi-v0.21

http://peerbox.me/download/peerbox-raspi-v0.21.img.gz
sha256: 3bcd615f15241382c3ad317bdceeb18ac29b65e93cfee1cb25410b66e16dd372

Mirror please!

Short changelog:

  • Added user account
  • Extra security features for kernel
  • New releases for ppcoind and openssh

For more info see first post!
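Checking a copy fetched from any mirror against the digest in this announcement, as an added example (not part of the original post or of Peerbox). The URL and digest are copied from the post; the function names and chunk size are assumptions.

```python
import hashlib
import hmac
import re
import sys
from pathlib import Path

# Announcement text as posted in the thread (URL and digest copied from the post).
ANNOUNCEMENT = """\
http://peerbox.me/download/peerbox-raspi-v0.21.img.gz
sha256: 3bcd615f15241382c3ad317bdceeb18ac29b65e93cfee1cb25410b66e16dd372
"""

# A URL line immediately followed by a "sha256: <64 hex chars>" line.
PIN_RE = re.compile(
    r"^\S*/(?P<name>[^/\s]+)[ \t]*\n[ \t]*sha256:[ \t]*(?P<digest>[0-9a-fA-F]{64})[ \t]*$",
    re.MULTILINE,
)

def parse_announcement(text):
    """Return {file name: lowercase digest} for every pinned download in text."""
    return {m.group("name"): m.group("digest").lower() for m in PIN_RE.finditer(text)}

def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large image is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, pinned):
    """True only if the file name has a published digest and the file matches it."""
    expected = pinned.get(Path(path).name)
    if expected is None:
        return False  # no pin for this name: treat as unverified, not as fine
    return hmac.compare_digest(sha256_file(path), expected)

if __name__ == "__main__":
    # Usage: python verify.py peerbox-raspi-v0.21.img.gz
    ok = verify_download(sys.argv[1], parse_announcement(ANNOUNCEMENT))
    print("digest matches announcement" if ok else "DO NOT FLASH: digest mismatch or unknown file")
    sys.exit(0 if ok else 1)
```

The pin is keyed on the file name from the original announcement, so the same check applies wherever the file was downloaded from.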

[quote=“peerchemist, post:91, topic:2485”]New: peerbox-raspi-v0.21

http://peerbox.me/download/peerbox-raspi-v0.21.img.gz
sha256: 3bcd615f15241382c3ad317bdceeb18ac29b65e93cfee1cb25410b66e16dd372

Mirror please!

Short changelog:

  • Added user account
  • Extra security features for kernel
  • New releases for ppcoind and openssh

For more info see first post![/quote]

Peerchemist, I’ve created two mirrors for peerbox v0.21:

Asian mirror: http://peerbox-asia.servehttp.com/

European mirror: http://peerbox-europe.servehttp.com/

Regards :wink:

[quote=“peerchemist, post:91, topic:2485”]New: peerbox-raspi-v0.21

http://peerbox.me/download/peerbox-raspi-v0.21.img.gz
sha256: 3bcd615f15241382c3ad317bdceeb18ac29b65e93cfee1cb25410b66e16dd372

Mirror please![/quote]

http://coinno.de/mirror/peerbox-raspi-v0.21.img.gz

thank you both, new mirrors added

Posted on Facebook and Twitter. Peerchemist, when do you think we’ll get to the point in your roadmap where Peerbox is 99% safe for minting?

Also, I’m having a problem contacting my designer. He said he was going to work on the logo 9 days ago, but I can’t seem to get an update from him. Hopefully your logo design is going better.

[quote=“Sentinelrv, post:95, topic:2485”]Posted on Facebook and Twitter. Peerchemist, when do you think we’ll get to the point in your roadmap where Peerbox is 99% safe for minting?

Also, I’m having a problem contacting my designer. He said he was going to work on the logo 9 days ago, but I can’t seem to get an update from him. Hopefully your logo design is going better.[/quote]

thx for marketing.

q: When will it be 99% safe?

a: Difficult question. To say that with confidence, all security features still lacking must be implemented and then real-life tested.
Those still missing: writing policy RBAC for entire OS, configuring PAX flags, Google authenticator, Yubikey…

The first two require a significant amount of work to do right. It will take a while before this is finished, but give or take 2 months to complete it.
The other two are relatively easy to implement but hard to present in an accessible way.
In this case it is not all about implementing it, but presenting your solution to the user. This is why there is a dependency on making some sort of interface to it.
Thus I have sketched the rough edges of what will be known as Peerbox Config Framework (PCF).
A very simple framework that will be used as an interface for configuring various segments of Peerbox like passwords, ssh, yubikey, backup…
I will start the work on the back-end and the CLI ncurses-based interface soon. More info on this will be posted in the following weeks.

After this is complete, Peerbox will have core functionality and will be 99% secure for minting.

q: logo

a: I am in touch with my designer, but due to holidays she is a bit lazy. My “deadline” was 20.08.2014 when she accepted, so 2 more days :smiley:

With v0.21, upnp status on the router still shows no opening of port. But manually turning on port forwarding now works! I am getting more than 8 connections now.

By the way, I wish user sunny is in ppcoind group so that I can check debug.log easily.

pps: I tried to log in as sunny from a remote machine and I got permission denied. I hope this is how it is supposed to behave because I don’t want anyone to login remotely (non-local network).

[quote=“mhps, post:97, topic:2485”]With v0.21, upnp status on the router still shows to opening of port. But manually turning on port forwarding now works! I am getting more than 8 connections now.

By the way, I wish user sunny is in ppcoind group so that I can check debug.log easily.

pps: I tried to log in as sunny from a remote machine and I got permission denied. I hope this is how it is supposed to behave because I don’t want anyone to login remotely (non-local network).[/quote]

I have yet to think of the best way to deal with security of user, and make sure that a compromised user cannot break the ppcoind. So I will think about this, how to deal with debug.log.

You are correct, ssh will always deny access when not on local network.
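The trade-off in the two posts above, as an added example (not Peerbox code): if a login account joins the daemon's group to read debug.log, wallet.dat in the same directory must not be group-readable. The data directory path is a parameter because the thread does not give it, and the check assumes the files and the directory share one owner and group.

```python
import os
import stat
import sys

# Per class: (read bit needed on the file, search bit needed on the directory).
CLASSES = {
    "group": (stat.S_IRGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IXOTH),
}

def readers_beyond_owner(datadir, name):
    """Classes other than the owner that can read datadir/name.

    root is not listed: it bypasses mode bits entirely, which is why any
    process run as root can read wallet.dat regardless of these settings.
    """
    dir_mode = os.stat(datadir).st_mode
    file_mode = os.stat(os.path.join(datadir, name)).st_mode
    return sorted(
        cls for cls, (r_bit, x_bit) in CLASSES.items()
        if file_mode & r_bit and dir_mode & x_bit
    )

def audit(datadir, secret="wallet.dat", log="debug.log"):
    """Findings for a layout where a helper account reads the log via group membership."""
    findings = [f"{secret} readable by {cls}" for cls in readers_beyond_owner(datadir, secret)]
    log_readers = readers_beyond_owner(datadir, log)
    if "group" not in log_readers:
        findings.append(f"{log} not readable by group")
    if "other" in log_readers:
        findings.append(f"{log} readable by other")
    return findings

if __name__ == "__main__":
    # Usage: python audit.py <path-to-ppcoind-data-directory>
    problems = audit(sys.argv[1])
    print("\n".join(problems) if problems else "layout ok: log shared with group, wallet owner-only")
    sys.exit(1 if problems else 0)
```

A clean result corresponds to a directory of mode 0750 holding wallet.dat at 0600 and debug.log at 0640.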

I am planning to buy a raspberry Pi and play with Peerbox.
My ultimate goal is to mint peercoins on Peerbox, beyond just broadcasting the blockchain.

Does anyone know a step-by-step procedure for how to mint peercoins on Peerbox?

Tks!

Some data point: when there are 35 connections the load average is 0.40, 0.44, 0.48 and CPU 23% Mem 20%

Strangely I set maxconnections=20 in ppcoin.conf. Why do I get 35 even 37 connections?

ps. the keypoolsize is sometimes 101 sometimes 102 while there is no transaction going on. Has anyone seen this?