
Monetary System Escape Hatch

MEH: Money Escape Hatch

 Money is power – your money, the power to spend.

An escape hatch from the Monetary System

Recently I was the victim of several types of fraud through the legacy monetary system, banking counter-party risk basically.

  • Debit card fraud: A transaction that I did not make showed up on my account. Required getting a new card and the bank did take care of the fraudulent charges.
  • A fraud about debit card fraud: A fraudster called me, preceded by a text that told me of a suspicious card transaction, spoofing the bank’s own phone number no less. They tried to get me to give up my credentials over the phone and then pretended there were several checks written against my checking account. They tried to run me through the process of setting up Zelle and having me send money to a weird email address. I just played along and acted like I didn’t understand how to use the Internet until the call dead ended.
  • Law firm fraud: A law firm, a lawsuit mill, files a fraudulent suit in the wrong venue using a fake address, so I get sued without my knowledge, resulting in a default judgment. I caught this in time before they were able to execute the judgment, or else they could have performed a money grab out of the bank account, without my knowledge. I informed the court of the fraud, the law firm, the Consumer Finance Protection Bureau (CFPB) and all other parties that had a hand in this. This was a shocker as I didn’t even realize that this type of fraud existed.

Thoughts

After all this I was thinking about what could be done to lock up money, away from the reach of fraudsters, as there is counterparty risk to a lot of things money related, especially in the legacy banking world. Some banks don’t even offer good security, like 2FA via a security key only, and NOT 2FA by text to a mobile number that can be spoofed, or by email, which is equally weak.

Self custody of Bitcoin seems like the most solid way in light of the weaknesses in the monetary system. Why Bitcoin? Other tokens have less utility (why do we need 1000s of them?), some might be counted as securities someday, and some have more inflation, as tokens are minted at the whim of the founders or core team, and so on.

But, there are caveats:

  • You need to know what you are doing or else you can blow your cover and compromise your keys and therefore coins and also be too ‘public’ with transactions.
  • Corollary: Not your keys, not your coins!
  • Don’t trust, verify
  • Bitcoin is pseudo-anonymous. You are sitting behind a public key and if you use a limited set of keys repeatedly it is possible to trace, via history on the blockchain, who you are and how many sats you have stacked. This is particularly true of an address used, let’s say, as a donation or payment address which is static. Ideally, you want dynamic addresses. Revealing too much information like this could make you a magnet for fraudsters that decide it is worth trying to, let’s say, hack your warm wallets by injecting malicious code on your phone or PC, via an email with a cat video. Or spoof your phone number to bypass 2FA and so on. Heck, they might even try to track down where you live via social media and park in front of your house and break into the WiFi by stepping in on the four-way handshake used to secure it, then they are on your home network and have access to every device directly!
  • Always visually verify addresses you send to. Just in case some copy/paste virus gets in the middle and changes the address.

 

Suggestions for caveats:

  • Your keys = Your Coins: Store the bulk of your stack on a cold wallet or paper wallet, in a safe place. Seed phrases as well. Keep only a small amount on a hot wallet, like an app or web wallet, exchange, etc.
  • Stay Private: Use methods to conceal the path of transactions by breaking the address linkage, effectively creating dynamic addresses. Porting through privacy coins comes to mind here and, for a BTC only solution, Wasabi wallet, linked to a cold wallet such as Coldcard, a BTC only wallet that can be air gapped.
  • Equipment SEC: An air gapped wallet allows you to use something like an SD card to move a partially signed transaction to the cold wallet to sign and back to a hot wallet that is watch only, so it can only take in, but not spend, BTC. You can only spend by creating a partially signed transaction, moving it by hand on an SD card to the cold wallet, signing it, and moving it back via SD card. Sounds complicated, but it is secure. There is no compromise, and it follows “don’t trust, verify”: you do not trust the hot wallet sitting on the phone or PC connected 24/7 to the Internet, which makes it only medium secure. Keep phones, PCs and WiFi secure, use good passwords/biometrics and keep thinking through the holes lurking in security.
  • Dumb Human Things: Verify addresses when sending, use excellent passwords and PINs, read the instructions on equipment, like wallets, and on seed phrase security. Don’t get conned, don’t brag, don’t accidentally dox yourself. People are always inventing new ways to screw things up, so even with the best technology and encryption, mistakes happen. Look on the Internet for more examples.

 

Idea on using Wasabi Wallet to enhance privacy along with cold storage

You can use Wasabi Wallet to enhance the privacy of your coins before transferring them to a cold wallet. Here’s a step-by-step process:

  1. Transfer Funds to Wasabi Wallet:
    • Transfer your funds from the exchange or other warm wallets to your Wasabi Wallet. This can be done by sending the funds to an address generated by your Wasabi Wallet.
  2. Initiate CoinJoin Transaction in Wasabi:
    • After receiving the funds in your Wasabi Wallet, initiate a CoinJoin transaction within Wasabi. This process will combine your transaction with those of other users, significantly enhancing privacy.
  3. Wait for Confirmation:
    • After initiating the CoinJoin, wait for the transaction to be confirmed on the Bitcoin network. This may take some time, as it depends on network congestion and the number of confirmations required.
  4. Send Funds to Cold Wallet:
    • Once the CoinJoin transaction is confirmed, you can safely send the funds from your Wasabi Wallet to your cold wallet. This step ensures that the funds you send to the cold wallet have undergone the privacy-enhancing CoinJoin process.
  5. Consider Multiple Rounds of CoinJoin:
    • For additional privacy, you may consider repeating the CoinJoin process with the funds in your Wasabi Wallet before sending them to the cold wallet. This can be done by initiating another CoinJoin transaction within Wasabi.

Remember, while this process can significantly enhance privacy, it doesn’t provide absolute anonymity. Also, the privacy features depend on the number of participants in the CoinJoin process, so it’s beneficial if more users are actively participating in CoinJoin transactions.

Always stay informed about the latest features and best practices in using Wasabi Wallet, as the specifics of the wallet’s functionality may evolve over time. Additionally, consider the transaction fees and potential delays associated with the CoinJoin process and Bitcoin network confirmations.

Alternative Idea Using Monero Swap

Just an idea that I was thinking of, not sure if it would be as good as the solution above using CoinJoin. But the idea is to take some kind of coin, BTC, USDC, whatever, that you on-ramped from USD via an exchange. Use some kind of swap, like SimpleSwap or the swap feature of a wallet such as Exodus, and swap the non-private coins from an exchange into XMR on a wallet, then swap to something like BTC on the cold wallet. When spending, run backwards: swap to XMR, then to the crypto of your choice, and spend.

When you convert BTC to XMR, the transaction history of the BTC is effectively broken, as the privacy features of Monero make it difficult to trace the source of funds. However, when you swap back to BTC, the privacy features of Monero may not be as effective, and your transactions could potentially be traced from that point onward.

It’s essential to note that while Monero provides strong privacy features, the overall privacy of any cryptocurrency transaction depends on various factors, including the platforms and services used for the swaps. Additionally, the regulatory environment surrounding cryptocurrency exchanges and transactions may impact the level of privacy you can achieve.

Raspberry Pi

Reduce writes to the Raspberry Pi SD card

My Raspberry Pi server has had 5 months of solid up-time and has been running great. It has been taking a picture every hour and from them creating a timelapse video every day. It is also being used as a place to periodically drop files from other places on the network, a little bit of file storage. Eventually I will add more storage space to it to use it even more for network storage.

Recently, I started to think about the potential wear of the SD card as I came across several articles online dealing with the topic. I decided to make a few changes to the Raspberry Pi configuration to reduce the amount of writing to the SD card.

Write Saving #1: Using a tmpfs

I edited /etc/default/tmpfs. In it the comments state that /run, /run/lock and /run/shm are already mounted as tmpfs on the Pi by default, which I have observed. This was a change made a while ago for the Pi according to the buzz online. I additionally set RAMTMP=Yes to add /tmp to the directories put on the tmpfs. This sets up access to /tmp with rwx-rwx-rwx permissions. There was a suggestion that I saw online to limit the sizes of the various directories, so I added that as well.

# These were recommended by http://raspberrypi.stackexchange.com/questions/169/how-can-i-extend-the-life-of-my-sd-card
# 07262015, mods for using less of the SD card, RAM optimization.
TMPFS_SIZE=10%VM
RUN_SIZE=10M
LOCK_SIZE=5M
SHM_SIZE=10M
TMP_SIZE=25M

The OS and some programs will use /tmp. But so do I. I create a /tmp/web folder under it when the Raspberry Pi boots. Into this folder go files such as the hourly photo and the daily video that scripts create for the webcam that is attached. I have reduced 3 hourly writes to just one photo. I keep only one on the SD card as I don’t want to risk losing a bunch of them taken during the day if I totally relied on the tmpfs. If I was using a UPS, I would have no problem saving all of them on the tmpfs and occasionally backing up to the SD or another device. The big saver is the daily timelapse.avi for the web that is created daily from all of the hourly captured photos. It is many megs in size, gets written daily, and it doesn’t matter if I lose it. It can be recreated from the photos at will. So it is the perfect kind of file to throw on a RAM file system.

I also store the hourly and daily logs that I create using the cron driven logcreate script that I run. The logcreate script creates an hourly log that is concatenated into a daily log on the tmpfs then every day the daily log will concatenate into a full log, that is rotated, on the SD card, so I have a permanent record. Need to put the link for this here!

What is a tmpfs?

It is a RAM Disk, a.k.a. RAM Drive that allows RAM to be used as a hard drive. Obviously when the power goes out, it goes away. So we don’t want anything important to go there. But for things like files that I make such as the hourly photos that my Web Cam takes and the video it makes daily and logs, it is perfectly fine for usage. It is not a really big deal if the power went out and I lost this information as it will be recreated shortly anyways.

Caution

The only issue that I see with having logs on a tmpfs would be a situation where the Pi got in a state of weirdness where it started rebooting itself and then you had no logs to track down the problem. Then I suppose, it would be just a matter of changing the /etc/fstab file to revert to putting the logs back onto the SD card for a while to track down the problem. But, for a Raspberry Pi like mine that is running stable and I am not doing many experiments with right now, having the logs in volatile memory is not something I worry about. Plus it is easy to make a script to backup the logs to the SD card or another computer, if you manually reboot it, so you can save them if you like when you have control of the reboots.

Write Saving #2: Turning off swap

If the Raspberry Pi runs out of RAM, not likely if it is a server set up for light duty usage, it will start to use swap which is on the SD card, causing writes to the swap file. Mine rarely touches swap. I would rather tune the thing for better memory use than have it use swap.

It is possible to turn off swap usage using the command…

sudo dphys-swapfile swapoff

This is not persistent and needs to be done on every boot. It could be put into the root crontab by editing it using sudo crontab -e and adding the line. Or creating a script for it along with other items that are to be run at startup.

@reboot /sbin/dphys-swapfile swapoff

Online, people said that there was another way to turn it off by reducing the swap file size to zero, a config file for swap, can’t remember the name. But it is claimed that when it reboots it just overrides that and makes a default 100M swap file.

Write Saving #3: Moving /var/log to a tmpfs

One of the biggest offenders as far as writing to files periodically is the logs that live under /var/log and its sub-directories. You can create an entry in /etc/fstab that will create a tmpfs for /var/log. The only caution here is daemons, like Apache, that require a directory to exist under /var/log or else they will not start. Apt also has a directory under /var/log, but it creates itself when apt runs for the first time so that is no problem. The apt directory has logs that keep track of what apt installs or uninstalls, good info to know about. News seems to work fine creating a directory for itself too. So for me only Apache is a problem.

  1.  Put an entry in /etc/fstab…
     tmpfs /var/log tmpfs defaults,noatime,mode=0755 0 0
  2.  Found out that news and apt folders create themselves when these things run.
  3. Apache is the one thing that does not like a missing folder, so I made a kludge for now using ~/bin/setup-tmp.sh where I create /var/log/apache2 and chmod it 750. Then I restart Apache using apachehup.sh, which just restarts it. Apache was failing to load when I pointed the log dir to /tmp in /etc/apache2/envvars under the export APACHE_LOG_DIR directive.

Write Saving #4: noatime

As you can see above one of the options used in the /etc/fstab file is the noatime option. By default the Raspberry Pi uses this option for the mount of the SD card. If you add mount points of your own to the card, make sure noatime is used. Without it Linux makes a small write each time a file is read to keep track of when it was last accessed, this obviously causes writes. It is possible to use it for the writes to the tmpfs as I am doing above. It saves a bit of time as the system does not have to do a write when a file is just being read.

Another good use of noatime is for drives connected across the network. For example on NFS mounts noatime is a really good choice. The network is generally slower than devices attached to a PC and having to send a write across every time a file is read, slows things down a bit when moving many files.
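
A quick way to confirm after a reboot that the four write-savers above actually took effect, as an added example that is not part of the original post. The function names and the constructed sample_mounts data are assumptions; on the Pi, call audit with no arguments so it reads /proc/mounts and /proc/swaps.

```shell
#!/bin/sh
# Added example: audit tmpfs, noatime and swap state for the setup on this page.
# audit [MOUNTS] [SWAPS] defaults to the live /proc tables.

sample_mounts() {   # constructed /proc/mounts content matching this page's setup
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/root / ext4 rw,noatime,data=ordered 0 0
tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=10240k,mode=755 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime,size=25600k 0 0
tmpfs /var/log tmpfs rw,noatime,mode=755 0 0
EOF
}

# Print field N (3 = fstype, 4 = options) of the last entry mounted on DIR;
# the last entry wins because later mounts shadow earlier ones.
mount_field() {
    awk -v dir="$2" -v n="$3" '$2 == dir { v = $n } END { if (v != "") print v }' "$1"
}

# Succeed if NAME is one of the comma-separated mount OPTIONS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# Succeed if DIR itself is a tmpfs mount point.
is_tmpfs() {
    [ "$(mount_field "$1" "$2" 3)" = "tmpfs" ]
}

# Succeed if any swap area is listed after the header line.
swap_active() {
    [ "$(awk 'NR > 1 && NF > 0 { n++ } END { print n + 0 }' "$1")" -gt 0 ]
}

# Print one FAIL line per finding; the return status is the number of findings.
audit() {
    mounts=${1:-/proc/mounts}
    swaps=${2:-/proc/swaps}
    bad=0
    for dir in /tmp /var/log; do
        is_tmpfs "$mounts" "$dir" || { echo "FAIL $dir is not on tmpfs"; bad=$((bad + 1)); }
    done
    for dir in / /var/log; do
        has_opt "$(mount_field "$mounts" "$dir" 4)" noatime ||
            { echo "FAIL $dir is mounted without noatime"; bad=$((bad + 1)); }
    done
    swap_active "$swaps" && { echo "FAIL swap is still active"; bad=$((bad + 1)); }
    return "$bad"
}
```

A non-zero status means at least one setting did not survive the reboot, which is worth checking before relying on /var/log being in RAM.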

 


Been running this setup with the RAM savings for a few months now with no problems. I hardly ever see the ACT light blinking on the Pi anymore.

 

The LEDs have the following meanings :

  • ACT – D5 (Green) – SD Card Access
  • PWR – D6 (Red) – 3.3 V Power is present
  • FDX – D7 (Green) – Full Duplex (LAN) connected
  • LNK – D8 (Green) – Link/Activity (LAN)
  • 100 – D9 (Yellow) – 100Mbit (LAN) connected

From http://www.raspberrypi-spy.co.uk/2013/02/raspberry-pi-status-leds-explained/