‘whereis’ for DOS

This useful .cmd script will find the location of an executable on your %PATH%. It’s the Windows equivalent of the whereis command in linux.


@echo off

for /f "delims=; tokens=1,2*" %%p in ("%MYPATHCOPY%") do (
   if EXIST "%%~p\%SEARCHFOR%*" echo %%~p
   SET MYPATHCOPY=%%~q;%%~r

if "%MYPATHCOPY%"==";" goto done;
goto search;


Bitcoin on a Stick (USB)

Recently I’ve been looking at Bitcoin. It’s a brilliant system that I believe will change the world, but for all its brilliance, at present, it’s effectively as safe as keeping digital cash under your mattress. Everyone is used to banks and FDIC insurance, so going back to this way of old-style way of protecting your money takes some getting used to. You have to realise the onus of responsibility is on you to protect your wallet, and there is no insurance.

So with that motivation, here’s my instructions on how to create a personal Fort Knox to store your Bitcoin Mattress Wallet. I achieve this by installing an new linux operating system on a convenient USB stick. To use it, you just plug it in and reboot your system. Why go to this effort? Because if your Windows PC has a new Bitcoin or key-logging virus, all your bitcoins will be stolen. Irrevocably.

After much research on linux variants, I choose the Ubuntu operating system, which is a popular and secure version of linux with a nice interface. Then I made it a bit more secure.
Please Note : This is my first serious foray in to installing & configuring Linux, so I may have done something wrong. Please correct me if you have a suggestion!

Ingredients :

– USB stick or two, 4Gb or more. I used two 8Gb sticks
– A Windows PC. or two.

Instructions :

1) Download PenDrive Linux (http://www.pendrivelinux.com/downloads/Universal-USB-Installer/Universal-USB-Installer.exe). Install Ubuntu 11.04 on to your USB stick.

2) If you have a 2nd PC, insert the USB stick and reboot the machine. You may need to change your boot order settings in the bios to boot from the USB drive. If you don’t have a 2nd PC, print off these instructions.

3) Install Ubuntu to your pendrive. Select the option to encrypt your home directory. Choose a STRONG password, and write it down on a piece of paper or two. Something with 20 characters, no dictionary words, and containing lower & upper case letters, numbers and symbols. Do not use anything you’ve used before. You can use http://www.random.org/passwords/ if you need help making a strong password. Why? This is essentially the keys to your wallet. If someone steals or copies the USB stick, they’ll have time to crack it, so it has to be impossible for a computer to open by brute force. For long-term safety, you have to anticipate that GPU password cracking is going to improve massively over the next 5 years. Especially as Bitcoin now provides a financial incentive to develop & buy encryption cracking hardware.

4) Now you have Ubuntu installed. First, we’re going to set up a firewall. This firewall will allow simple web browsing, Bitcoin and VPN. Open Terminal in Ubuntu.

5) You’ll need to have root permissions. Type :

sudo -i
<type your new long password. You’ll get used to it eventually>

6) Disable the swap file, so someone can’t steal your keys from it :

swapoff -a

7) You’ll need to use a text editor to create the firewall script. Type “nano ipt.sh” to open the Nano editor, then type :


# Flush all rules

# Set default to drop

# only accept packets from established connections

# filters
# web browsing
$IPT -A OUTPUT -t filter -p tcp --dport http -j ACCEPT
$IPT -A OUTPUT -t filter -p udp --dport 53 -j ACCEPT
$IPT -A OUTPUT -t filter -p tcp --dport https -j ACCEPT
$IPT -A OUTPUT -t filter -p udp --dport https -j ACCEPT
# bitcoin
$IPT -A OUTPUT -t filter -p udp --dport 8333 -j ACCEPT
# vpn
$IPT -A OUTPUT -t filter -p udp --dport 1723 -j ACCEPT
$IPT -A OUTPUT -t filter -p gre -j ACCEPT

# don't log anything from internal addresses
$IPT -A INPUT -m iprange --src-range -j DROP
$IPT -A OUTPUT -m iprange --src-range -j DROP

# log dropped packets
$IPT -A INPUT -m limit --limit 15/minute -j LOG --log-level 7 --log-prefix "[IPT]Dropped input: "
$IPT -A OUTPUT -m limit --limit 15/minute -j LOG --log-level 7 --log-prefix "[IPT]Dropped output: "

echo "Firewall configured for web browsing, bitcoin, vpn"

7b) Press ctrl-O, enter to save, ctrl-x to exit. Next, run this script using “sh ipt.sh”, and verify the rules are present by using “iptables -L”. To persist your iptables settings across reboot, add the following files and mark them as executable using “chmod +x <filename>”

nano /etc/network/if-pre-up.d/iptablesload
iptables-restore < /etc/firewall
exit 0

nano /etc/network/if-post-down.d/iptablessave
iptables-save -c > /etc/firewall

8 ) Next, you’re going to configure a separate log file for dropped packets, so you can check on any attacks without dredging through the rest of the kernel output

nano /etc/rsyslog.d/10-iptables.conf
:msg, contains, "[IPT]" -/var/log/iptables.log
& ~

Restart rsyslog to pick up the changes

service rsyslog restart

9) Now our firewall is in place, update Ubuntu (there should be a pop-up)

10) Install bitcoin from http://www.bitcoin.org. Run Bitcoin, wait for it to download the blockchain. Create a new address, and copy it by-hand, carefully, in to your existing (less-safe) Bitcoin client. Send the bitcoins to it. Do a small amount first, to test you didn’t make a typo.

For extra safety :
– Disable the IRC method of connecting to the Bitcoin network. Create a bitcoin.conf file in ~/.bitcoin/bitcoin.conf containing “safe” nodes from https://en.bitcoin.it/wiki/Fallback_Nodes

set noirc=1

– Install Avast Antivirus (free) http://www.avast.com/linux-unix-edition. Some people say it’s unnecesary as Ubuntu is so secure, but I think viruses are a growing industry and it a cheap precaution. Note : when you’re installing it, it doesn’t play well with Ubuntu 11.04. You need to Ignore the warning/error about missing installed-size attribute, and after it’s installed you’ll need to type the following to let it run. This increases the kernel shared memory size

sysctl -w kernel.shmmax=128000000

– You could use a VPN connection or TOR (untested) to connect to Bitcoin

To clone the drive, insert a new usb stick, and find the device name by typing “mount”. It should be something like /dev/sdd. Also make a note of the main USB device name, which will be mounted as root (/). Carefully type the following. Do not get the devices the wrong way around, or you’ll wipe your main drive

dd if=/dev/<root usb device> of=/dev/<new usb device> conv=noerror,sync bs=4k

After all that, you have a USB pendrive (or two) with a secure Bitcoin client. Now you should be able to sleep at night.