

Termcoin – A Bitcoin wallet for your terminal - chjj
https://github.com/chjj/termcoin

======
sigil
Careful using this, I'd personally wait until a proper security audit was
done.

For instance, you're getting the user's wallet passphrase at line 1361. Does
the passphrase just sit around in memory somewhere, long after the wallet
encryption has been kicked off?

[https://github.com/chjj/termcoin/blob/master/bin/termcoin#L1...](https://github.com/chjj/termcoin/blob/master/bin/termcoin#L1361)

~~~
chjj
It's a bit tough to deal with this since javascript doesn't offer any real way
to zero a string's memory. The way to do this would be to read from stdin
directly into a Buffer object (which is malloc'd separately from the v8
allocator) and to buff.fill(0)/memset(buff, 0) once we're done. I'll
definitely work on implementing this. Thanks for pointing this out.

------
indexzero
The underlying terminal parser is friggin' hawt:
[https://github.com/chjj/blessed](https://github.com/chjj/blessed)

~~~
notastartup
that really is sexy...quite possibly the best UI I have ever seen. brooding
dark background and no nonsense colors.

------
girvo
Heck yes, I've been looking for something exactly like this. I hate the Qt
client, and the others I've played with aren't much better, but this is
perfect :)

EDIT: Dumb question, running Mint 16 here, installed the nodejs package
through apt, but termcoin looks for "node", not "nodejs". I copied the symlink
as "node" and am just installing the npm modules now, but whats up with that?

~~~
MarkPNeyer
the commandline binary for nodejs is just 'node'

~~~
yrro
Not on debian, where 'node' is used by something else.

------
GigabyteCoin
It looks amazing, and I do dislike the current bitcoin-qt that most of us use.

However, I'll be damned if I install it on my machine for at least a year or
two after it's been released and fully verified by everybody in the community
who matters.

~~~
VexXtreme
If you're worried about the security then just verify it yourself, don't wait
for others to do it for you. It's not like the source isn't available for
auditing.

~~~
sturmeh
We're not all skilled pen testers.

------
fnsa
Interesting, I've also developed a bitcoin client :) However, mine is
completely independent of bitcoin-qt and is meant to be lightweight and
snappy. It uses SPV. Here's a screenshot:

[https://i.imgur.com/pRLs1ps](https://i.imgur.com/pRLs1ps)

Let me know if anyone is interested in taking a look.

From my README file:

bitc is a _thin_ SPV bitcoin client.

    
    
      - 100% C code,
      - support for linux and mac platforms,
      - console based: uses ncurses,
      - home grown async network i/o stack,
      - home grown poll loop,
      - home grown bitcoin engine,
      - multi-threaded,
      - valgrind clean.
    

edit: indentation.

~~~
pjbrunet
If you have some kind of email list, please add me "pj at pjbrunet.com"

------
crugej
Finally something to replace the awful bitcoin-qt. Get the best of both worlds
with a "gui" that is in the terminal.

~~~
atweiden
Notably, there is as an alternative to this node terminal btc client.

    
    
        electrum -g [text | stdio]
    

The terminal interfaces could use more testing to say the least, but Electrum
has been around since 2011. It's written in Python and includes support for
CLI based multisignature transactions [1], raw transactions, proxies, and
server selection. It was recently added to the Debian official repos.

It's actively used in ecommerce [2], and we've even heard on #electrum
freenode of at least one Bitcoin exchange using it on the backend.

Electrum uses a deterministic mnemonic address generation system (soon to be
BIP0032 compatible) and the Stratum protocol, which involves running a gateway
daemon [3] and bitcoind on the backend, to tackle the large size of the
blockchain and rather unwieldy individualized address generation scheme in use
by Bitcoin-QT.

[1]
[https://gist.github.com/atweiden/7272732](https://gist.github.com/atweiden/7272732)

[2] [http://acceptbit.com/](http://acceptbit.com/)

[2] [https://wordpress.org/plugins/bitcoin-payments-for-
woocommer...](https://wordpress.org/plugins/bitcoin-payments-for-woocommerce/)

[3] [https://github.com/spesmilo/electrum-
server](https://github.com/spesmilo/electrum-server)

------
banachtarski
Security sensitive software written in js huh?

------
jboggan
I've been ready to ditch bitcoin-qt . . . this is fantastic.

------
adrianwaj
After seeing the screenshot
([https://raw.github.com/chjj/blessed/master/img/screenshot.pn...](https://raw.github.com/chjj/blessed/master/img/screenshot.png))
I'll be switching to "Welcome to my program" from now on instead of "Hello
world!" which is getting really tired. I don't know why I never thought of it.
Facepalm.

------
sktrdie
I see e-ink readers, such as the Kindle, being used as a POS system for
merchants. Linux installed with this running.

It's awesome because it's super lightweight and can be installed on virtually
any device without even having to run an X ui server.

That also means that you don't have to install anything _but_ this bitcoin
client on the system, which dramatically lowers the possibility for attacks.

------
pjbrunet
Wish this was elaborated: "Ideally I wanted this to have all the capabilities
of a full wallet, but that would require, for example, linking to to berkeley
db to parse the wallet.dat. I wanted to write this entirely in node."

So it still makes a wallet.dat file but different wallet encryption? I'm a
little confused.

~~~
chjj
termcoin uses the bitcoind json-rpc api[1] for (nearly) everything (which
means the same wallet.dat file, the same encryption (aes256-cbc), etc.). What
I mean to say is, the bitcoind api is a bit limited with regards to how it can
manage a wallet.

For example, there is no way to retrieve the "send" addresses from the wallet
via the api. The only way to do this is by using bdb to open the file and
reading it as a berkeley database. Send address retrieval is the only thing
termcoin does not use bitcoind for: termcoin has a "dumb" parser built-in
which reads the wallet.dat and searches it for bitcoin addresses, when it
finds them, it checks to see that they're valid and also checks them against
"receive" addresses.

The bitcoind api is also incapable of re-labeling or deleting addresses
(bitcoin-qt itself cannot delete "receive" addresses). A lot of people end up
using a tool like pywallet (which links to bdb) to get around this. These are
the only two limitations in termcoin's functionality that keep it from being a
fully-fledged wallet.

[1]
[https://en.bitcoin.it/wiki/Original_Bitcoin_client/API_Calls...](https://en.bitcoin.it/wiki/Original_Bitcoin_client/API_Calls_list)

------
samweinberg
Great job, this looks really neat.

------
oakwhiz
This is better than having to read the docs every time I want to send a few
coins...

------
derengel
Please report if you lose any coins ;)

------
SteveDeFacto
Javascript was a bad design decision.

------
Morphling
Looks cool.

------
compare
Finally.

------
eterps
I'd prefer CLIcoin

~~~
Istof
I'd prefer coinCli

