Some thoughts on running nodes and minting via Raspberry Pi

After some discussion with /u/river333 I’ve decided to start a debate on running nodes and minting with emphasis on security.
The latest trend is to urge and tip people for running full nodes on their Raspberry Pis. Why not, it is the holy grail of crypto. To keep the network strong with extremely low-power machines. That is the message we want to show, right, “Peercoin is green”? As for minting, it is also a lot cheaper than GPUs or ASICs.

However I’m concerned about this trend. I’m paranoid.
The security and quality of the peercoin client (or any bitcoin client) is not tested enough. Most coins’ (the other forks of bitcoin) wallets are not being used in this way (running 0-24 with coins inside). They are mined with specialized software, not linked with the wallet.
Peercoin minting requires that the wallet is unlocked and then connected to 8 peers on the network; each and every one of those peers now knows the IP of the person minting, thus enabling an attack vector.
Running a full node is even more risky: now you connect to 16-30 peers, and with port 9901 forwarded! That means this port, on which the peercoin wallet is running, is now completely open to anyone on the internet. I see an attack vector.

I’m not an expert, I know this stuff due to using linux for many years and reading forums and wikis that are written by people who know their shit. Programs are full of bugs, developers make mistakes, sometimes not even a piece of software that you use within your program contains critical bugs (remember heartbleed?).

Do we know for sure that the peercoin wallet is bug-free? We don’t know whether it is possible to hack into it via port 9901.
For example (just a theory), is it possible to overflow some buffer? Buffer overflow - Wikipedia

Programming languages commonly associated with buffer overflows include C and C++, which provide no built-in protection against accessing or overwriting data in any part of memory and do not automatically check that data written to an array (the built-in buffer type) is within the boundaries of that array. Bounds checking can prevent buffer overflows.

Peercoin is coded in C++.

Do we know that it is definitely not possible to access the filesystem of a computer running the peercoin wallet by using such an attack vector?

Now, about raspberryPi’s and running nodes.

Those manuals that showed up here on forum are very simple and easy to follow, but they take security for granted.

Peercoin-qt or peercoin daemon is being run as a normal user. Read this if you don’t know enough http://docstore.mik.ua/orelly/networking/puis/ch04_01.htm

Linux/Unix is more secure than other OSes due to its “multiuser” environment. That means it is possible to run something as a “dummy” user that has little or no access to “other parts of the computer” (OS). So, let’s use this feature.

Classic use scenario of minting on raspberryPi:

  • Install OS on rasPi

  • Install peercoin wallet

  • set up, configure, run

This is all done as default user, default by installation.
In this case, the peercoin wallet program is on the same privilege level as YOU. So, this peercoin wallet “sees”, and can read/write/move/delete, everything YOU can. So, if it is compromised it can do whatever you can do, i.e. delete your photos, delete your wallet.dat etc.
This sounds too risky if you ask me. We don’t know peercoin’s wallet enough, it is just not tested enough.

So, what I did, since I’m paranoid, is to use these security features of the linux system.

More secure approach:

(this also enables peercoind to run as “fictional”, dummy user that has no access to anything)

  • set up /home/user/.ppcoin/peercoin.conf (so you as a user can communicate with daemon)

  • set up /etc/ppcoind/ppcoind.conf

  • set up a separate partition in which wallet.dat and the blockchain will reside, which can also be used only by that dummy user and does not have the “executable” flag, meaning that no binaries are able to start from this partition (if an attacker injects some malicious program, it will not run)

This approach has several benefits.
Systemd will autostart ppcoind upon system boot, and if it “dies” (stops working for some reason) it will automagically restart it.

In this scenario, if the peercoin wallet is compromised it can not harm the system, nor access my files (in the home folder). Because it can not access them. It can still access wallet.dat, however. This will not help to stop that from happening.

I hope you can understand this; if you have questions, please ask. And if I took this too far, being paranoid etc., please debunk me.
In my next post I will propose some other security features.
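
The layout described in the post above (daemon running as a dedicated account, wallet data on a partition mounted without the executable flag) can be checked with a short script. This is an added example, not part of the original thread or of the Peercoin project; the account name `ppcoin`, the mount point `/var/lib/ppcoind` and the sample mount and passwd lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit the "dummy user + noexec partition" layout.
# Assumed, not from the thread: account "ppcoin", data mount /var/lib/ppcoind.

# Constructed sample in /proc/mounts format: device mountpoint fstype options
SAMPLE_MOUNTS='/dev/mmcblk0p2 / ext4 rw,relatime 0 0
/dev/mmcblk0p3 /var/lib/ppcoind ext4 rw,nosuid,nodev,noexec,relatime 0 0'

# Constructed sample in /etc/passwd format
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
user:x:1000:1000::/home/user:/bin/bash
ppcoin:x:995:995:ppcoind service:/var/lib/ppcoind:/usr/sbin/nologin'

# mount_opts MOUNTS PATH: options of the most specific mount containing PATH.
# A data directory that is not on its own partition resolves to "/" here.
mount_opts() {
    printf '%s\n' "$1" | awk -v d="$2" '
        { mp = $2
          hit = (d == mp || mp == "/" || index(d, mp "/") == 1)
          if (hit && length(mp) >= best) { best = length(mp); opts = $4 } }
        END { print opts }'
}

# has_opt OPTS NAME: succeeds if NAME is one of the comma-separated options.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# login_shell PASSWD USER: prints the account's shell (7th passwd field).
login_shell() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '$1 == u { print $7 }'
}

# audit MOUNTS PASSWD USER DATADIR: prints findings, returns the failure count.
audit() {
    fails=0
    opts=$(mount_opts "$1" "$4")
    if has_opt "$opts" noexec; then echo "ok:   $4 is on a noexec mount"
    else echo "FAIL: $4 is on a mount without noexec ($opts)"; fails=$((fails + 1)); fi
    shell=$(login_shell "$2" "$3")
    case "$shell" in
        */nologin|*/false) echo "ok:   $3 has no login shell" ;;
        "") echo "FAIL: no account named $3"; fails=$((fails + 1)) ;;
        *)  echo "FAIL: $3 can log in with $shell"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Hardened layout from the post, then the default-user layout it warns about.
audit "$SAMPLE_MOUNTS" "$SAMPLE_PASSWD" ppcoin /var/lib/ppcoind
audit "$SAMPLE_MOUNTS" "$SAMPLE_PASSWD" user /home/user/.ppcoin || echo "$? problem(s) found"
# On a real machine: audit "$(cat /proc/mounts)" "$(cat /etc/passwd)" ppcoin /var/lib/ppcoind
```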

I propose designing and building official OS for minting/running node on raspberryPi.
If we aspire for safe minting and try to enable “cold lock minting”, this is next logical step.

Such OS (distribution) needs to be “plug and play” to enable people not so involved with computer security or linux to use it with ease.
It needs to be secure by design as much as possible, using all security features that are known and starting to implement new ones.

Plan of action

  • Sketch what needs to be done, allocate resources

  • Invite people who know stuff

  • Design first prototype

  • Encourage testing, maybe hire professionals for security reviews?

  • Cross post first development images and discussions on raspberryPi forums, draw new people to our cause to participate in project.
    People love to tinker, and raspberry pi guys love to do new stuff with their machines. This gives them a chance to learn something new, contribute and ultimately learn about cryptos and Peercoin.
    In a way, this is marketing for Peercoin, tapping into the vast community surrounding raspberry pi (someone photoshop that “now kiss” meme with peercoin and raspberry logo?).
    More people, more experts and more guys who know their shit (not just me and my semi-literate rantings about security) equals more complete product.

  • Having this in the works will ring some bells in crypto world, showing that this community is working on something big (expect copycats in this stage too)

  • Complete product, people can now download and plug and play their Peercoin minting/node distro and within minutes contribute to network in a secure way. This will be the ASIC of minting

  • Network grows, more users for peercoin

  • the moon?

1 Like

You’re not going too far. I think a lot about this. Before cold minting is impl I think it’s smart to divide stake into more than one wallet and then cycle through them.

Thanks for posting all of this. I have updated the FAQs on the RPi tipping thread to advise people not to use their full node for minting. This shouldn’t affect that project by the way, as its goal is to increase the number of RPi nodes (not to increase the numbers minting).

I would love to see us develop an official OS for Raspberry Pi. Once the discussion has developed a bit on this subject, it can be set up on peer4commit. This will also attract RPi experts to help develop it.

I have balls and I’ll port forward many ports and will also keep the default password. I figure that I’m one lucky dude that don’t need this “safety thing” (its only for computer neiiirds anyway) :pbjt:

+1 for an official “secured” Raspberry Pi Peercoin Minting OS ! :pbjt:

[quote=“peerchemist, post:2, topic:2377”]* Cross post first development images and discussions on raspberryPi forums, draw new people to our cause to participate in project.
People love to tinker, and raspberry pi guys love to do new stuff with their machines. This gives them a chance to learn something new, contribute and ultimately learn about cryptos and Peercoin.
In a way, this is marketing for Peercoin, tapping into the vast community surrounding raspberry pi (someone photoshop that “now kiss” meme with peercoin and raspberry logo?).
More people, more experts and more guys who know their shit (not just me and my semi-literate rantings about security) equals more complete product.

  • Having this in the works will ring some bells in crypto world, showing that this community is working on something big (expect copycats in this stage too)

  • Complete product, people can now download and plug and play their Peercoin minting/node distro and within minutes contribute to network in a secure way. This will be the ASIC of minting

  • Network grows, more users for peercoin

  • the moon?[/quote]

I applaud you peerchemist. And, I agree we can attract many experts from RPi community who may now want to get into cryptos by way of Peercoin! :smiley:
:happy fourth:

would you want to work with Tea42 on this

edit: @peerchemist you’re linking to the old version https://aur.archlinux.org/packages/ppcoind/ 0.3.0

[quote=“irritant, post:8, topic:2377”]would you want to work with Tea42 on this

edit: @peerchemist you’re linking to the old version https://aur.archlinux.org/packages/ppcoind/ 0.3.0[/quote]

I’ve linked the idea. See the comment that is under the package (this with systemd is idea by this guy who created the package, but he’s gone for a long time it seems)

If Tea42 answers here and shows interest, I don’t see why not.

I’m more worried about losing coins in sillier ways, such as using a mobile phone to generate a private key and it turns out the jslib has a bug, trojans, phishing crap, the machine not having enough entropy when generating the wallet, using the same address over and over and one day some cryptowolves chase it down

It would be great if such a secure image would be developed and released on the official page. But it takes a lot of time and effort, and that’s where problems arise for me… I’m finishing up a script to convert my peercoin-raspi installation into a full node with some auto (re)start features of the client, but after that I’ll have to slow down a notch.

But I mostly agree with your points. I do think the peercoin-raspi installation in itself is secure enough, as only 9902 is open, and rpc only listens to local calls in the OS. There are no browsers, mail clients etc to use, so there aren’t many ways to attack that pi, except physically breaking in and taking the sd card :slight_smile:

But the full node is more open, that’s correct, and attacks don’t have to come from outside, they can happen inside your own home network from an infected computer/tablet/whatever. So running a full node with coins in your wallet is probably risky.

It would be awesome if a super secure pi image would be developed. If you want to start the project, I think it would be best to set it up in peer4commit, and have multiple people participate, as it’s just too much for one or two persons. I’d be glad to help where I can.

I have a couple questions:

  1. Should this be focused solely on the Raspberry Pi, or on developing an OS that can be used on any hardware? I’m wondering if the Raspberry Pi is really ideal for secure minting with large amounts, given that SD cards can have fairly limited lifespans. Also if/when the RPi becomes obsolete.

  2. Is developing this something that we could realistically achieve at the moment?

[quote=“river333, post:12, topic:2377”]I have a couple questions:

  1. Should this be focused solely on the Raspberry Pi, or on developing an OS that can be used on any hardware? I’m wondering if the Raspberry Pi is really ideal for secure minting with large amounts, given that SD cards can have fairly limited lifespans. Also if/when the RPi becomes obsolete.

  2. Is developing this something that we could realistically achieve at the moment?[/quote]

I’m glad you asked about this.

  1. Should we focus solely on rasPi? No.
    I see hundreds of even cheaper devices that can do the job.

My plan is to develop an “extension” for an existing OS. My eye is on ArchLinux ARM (http://archlinuxarm.org/).
As you can see (http://archlinuxarm.org/platforms), it already supports quite a few devices and I’m sure they will support many new to come.

About SD cards. I don’t think SD card will wear out for this purpose within reasonable life expectancy of 3 or 5 years.
The Peercoin wallet does not write so much to the card (multiple times less than a torrent client, for example).
There are also specialized file systems in the works for SD cards, promising even greater life expectancy.

  2. Absolutely yes.

First step (at least if you ask me) would be setting up semi official/official repository for ArchLinux (armv6h, x86, x86_64 platforms included). That alone covers at least 20% of expected work, and it costs hosting a server with cca. 200MB of free space and maybe a 1GB of traffic/month.
In the repo, packages would be placed. Packages that would include ppcoind + systemd config files.
With such repo, a person would save about 3-4h of time to set up Raspberry Pi in a way I did it.

And then you move on, make snapshot of such system (after enough testing and feedback) and there you have first development image.

[quote=“river333, post:12, topic:2377”]I have a couple questions:

  1. Should this be focused solely on the Raspberry Pi, or on developing an OS that can be used on any hardware? I’m wondering if the Raspberry Pi is really ideal for secure minting with large amounts, given that SD cards can have fairly limited lifespans. Also if/when the RPi becomes obsolete.

  2. Is developing this something that we could realistically achieve at the moment?[/quote]

My response to this is that I think that we should create a new domain, named something like www.how-to-mint-peercoins.info which would display information taken from a github project.

The information should be dedicated to detailing how to do minting on all kinds of platforms. Everything from in depth security stuff to super-easy youtube videos with step-by-step instructions that my grandpa could follow.

Doing so, I think more people would be able to step on board (not everyone wants to buy a raspberry pi) and it would be easy to link to (people not used to forums could be confused by reading forum threads).

The site could even feature links to popular places where people could buy minting hardware and then when we have finalized an image for raspberry pi, then this image could of course be obtainable from the site.

I might be wrong. This might be stupid. What do you think? :pbjt:

Can some more people please give their opinions on this? I’m surprised there isn’t more interest given that this could be a helpful step in encouraging large holders to start minting.

I’m also wondering whether it could use Peerunity instead of Peercoin, or even have a separate version for Peershares. Since security would be even more important for businesses using Peershares, I would imagine having a dedicated secure OS would be useful.

This definitely should be a peer4commit project.

I configured today a Raspberry Pi as a full node and I am already wondering how I’ll manage the next Peercoin version upgrade.

Being able to do a simple “apt-get upgrade” would be just wonderful :slight_smile:

Previous related thread: http://www.peercointalk.org/index.php?topic=2335.msg19020#msg19020

Thanks for linking that thread, I had forgotten about that.

Is someone here willing to set up the repo for this? If there is then please go ahead. Here’s what peerchemist said is needed:

First step (at least if you ask me) would be setting up semi official/official repository for ArchLinux (armv6h, x86, x86_64 platforms included). That alone covers at least 20% of expected work, and it costs hosting a server with cca. 200MB of free space and maybe a 1GB of traffic/month. In the repo, packages would be placed. Packages that would include ppcoind + systemd config files. With such repo, a person would save about 3-4h of time to set up Raspberry Pi in a way I did it.

I just wanted to say that I’ve been reading the thread, but haven’t posted because I’m not technical enough to add anything of value. If this project helps us toward our goals though, then we should do it. It’s just about finding the right people to manage it. There’s so many things going on and not enough people to help. I hope this changes when we start advertising the Peercoin video. We need more talent to join our group.

Do you think there would be any profit potential in somebody developing and selling a cheap device for minting? For example, rather than buying a Raspberry Pi, this device (Hardware & Software) would be designed specifically for Peercoin. It would have a Peercoin specific secure OS and all you’d have to do is plug it in and leave it running/minting in the background. It would be made for non-technical people that just want to plug it in and mint and not have to worry about all the settings and security stuff.

Mind you I lack technical understanding so maybe it doesn’t make any sense to do this. If it does though, somebody could develop this and base an entire company around it. Cheap, secure proof-of-stake hardware minting. The company could even be started up through Peershares. Now tell me I don’t know what I’m talking about, lol.

Adding an upgrade script for getting and compiling the next client won’t be very hard, but even the word script might deter people from using a pi… I think a verified image would be best because it’s free and so easy to set up.
An apt-get repository would be great too, because it resolves the dependencies required for using the linux binaries. But an image for one ‘supported’ low-energy device is probably best, because they are low cost and dedicated (secure).

The only problem that I see is who will set up and make the final image… Multiple people can compile binaries and compare md5 hashes to be sure they are the same, but capturing an entire install image will probably result in different md5 hashes of the .img file. So the ‘final’ install and capturing would have to be done by a 100% trusted person or group.