How to safely connect cold storage offline wallet to your online wallet

USB keys or SD cards are one way, but I dislike using USB drives because they are an unacceptable infection vector for my cold storage machine.  USB, SD cards or any block storage introduces drivers and firmware which may be suspect and or may contain malware that you copy unknowingly or that gets launched automatically (reference:

What to do, then?

These laptops have a wired ethernet port.  I can connect them back-to-back and simply have a static IP configured on both machines.

Enable the SSH server on the online machine with the following command:

sudo apt-get install -y openssh-server

Then go to the network menu, select Edit Connections, select Wired Connection 1 and hit Edit.  Go to the IPv4 Settings tab and set Method to ‘Shared to other computers’.  You can now hit Save and then Close.

Go back to the Network menu and select ‘Connection Information’ and note the IPv4 IP Address of Wired Connection 1.  This is the IP address you will connect to from the cold storage machine.

Connect the two machines together with an ethernet cable.

Use FileZilla to connect to the IP address of your online host.

You can now safely drag and drop files between the two hosts.

The $180 Bitcoin Wallet I got at Target

Problem: Need offline/cold storage for our coins

Solution: AMD-based HP CloudBook laptop at Target for $180

Why AMD? Many Intel CPUs have vPro techology baked in – which has a nasty security hole allowing remote IP KVM to be enabled, allowing for keystroke logging that is simply unacceptable on our wallet machine.

They come with Windows 10 Home preinstalled, which we go ahead and log into and download the following things:

Opera Browser:

Install the opera browser, go into settings and turn on VPN in the Privacy and Security section

Xubuntu ISO image:

Rufus USB image writer:

Run rufus after downloading, select the Xubuntu ISO image you downloaded before rufus and write it to a 4GB-32GB USB stick (preferably a USB 3.0 one)

Reboot and keep tapping Esc to go into the BIOS

Find the boot order, move USB devices above the built-in SSD in the boot order and reboot.

Install Xubuntu, enabling disk and LVM encryption when you get to that point in the install. Pick a password you will not forget.

Once Xubuntu is installed and you are logged in, connect to the internet, open a terminal and do the following to bring the system up to date:

sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get autoremove

Go through the power settings and enable suspend on lid close and shutdown on reaching critical battery levels.

Firefox is installed already, use it to download and install Opera. I have had better luck downloading the file and installing it in the terminal rather than using the GUI software manager. The command to install manually is:

sudo dpkg -i <packagename>.deb

You will find it in your /home/<username>/Downloads folder

And that’s how we turned a $180 cloudbook into a whole-disk-encrypted hardware eCoin wallet.

Start installing your favorite wallets. Our next post will cover installing and configuring Electrum.

how do I make my WiFi better?

Here is how we have improved our WiFi at multiple locations:

1. Replace consumer-grade WiFi gear with enterprise-grade gear

2. Add additional WiFi radios to increase coverage zones

Why replace consumer-grade Netgear/Belkin/Linksys/TP-Link WiFi gear with enterprise-grade gear? Because enterprise-grade WiFi gear will let you deploy multiple access points that will allow for seamless roaming from one access point to another. Consumer-grade access points don’t do that. In addition to roaming, the coverage provided by enterprise-grade access points is generally much better and will cover a larger area.

The gear we recommend is the Ubiquity UniFi line. The difference between the Pro and Lite versions of their access points are:

Lite version has a 2×2 MIMO radio and is indoor-only

Pro version has a 3×3 MIMO radio, is indoor/outdoor and has a 2nd ethernet port for connecting wired devices

The best news is that the cost of these Ubiquiti radios is the same or less than the consumer-grade radios they are replacing.

The CloudKey controller is optional, you can run the UniFi controller on a Windows, Mac or Linux PC – or a Raspberry Pi

the USG is a firewall/router that integrates with the UniFi Controller and allows you to manage everything from one user interface. Not required, but nice.

Replacing your current WiFi gear with an enterprise-grade set of gear will eliminate dead spots in your coverage and give you a reliable network you can trust.