this post was submitted on 11 Dec 2024
10 points (85.7% liked)

Monero

1725 readers
13 users here now

This is the lemmy community of Monero (XMR), a secure, private, untraceable currency that is open-source and freely available to all.

GitHub

StackExchange

Twitter

Wallets

Desktop (CLI, GUI)

Desktop (Feather)

Mac & Linux (Cake Wallet)

Web (MyMonero)

Android (Monerujo)

Android (MyMonero)

Android (Cake Wallet) / (Monero.com)

Android (Stack Wallet)

iOS (MyMonero)

iOS (Cake Wallet) / (Monero.com)

iOS (Stack Wallet)

iOS (Edge Wallet)

Instance tags for discoverability:

Monero, XMR, crypto, cryptocurrency

founded 2 years ago
MODERATORS
 

I have no release the first pre-releases of the Haveno app, you're welcome to visit the home page to download the binary, please be aware the first build collected telemetry over tor, and fails if for some reason you're not connected, if you're not comfortble with any telemetry being collected you can follow the guide in the documentation on Haveno building fro source, where telemetry is already removed.

We just use telemetry to report errors, that's all, it help greatly in detecting issues the user doesn't immediately see.


Perhaps at some point I'll address the drama, but I'm more inclined to fixed and bugs you might have for the meantime, I've released most of you are actually having trouble with with getting past the on-boarding stage, I have fixes for both of those coming up today so you will see a working app where you can login and pot trades today again this will just be from Android and Linux and then in few days .

all 18 comments
sorted by: hot top controversial new old
[–] alphonse@monero.town 3 points 1 week ago* (last edited 1 week ago) (2 children)

Can someone explain what is going on, or link to something? This all seems sketchy, almost like a hijacking of the project, but I'm guessing not as there is talk of a CCS.

Also, why is the only network listed aloha? why not reto, which tbh thought was the only one.

[–] monerobull@monero.town 1 points 1 week ago (1 children)

There has been a bunch of drama specifically about this CCS. Reto was censored because Kewbit believes I run it (lol) and wanted to "punish" me for demanding source code before CCS payout.

[–] Kewbit@monero.town 1 points 1 week ago

I understand that Monerobull doesn't run it, but that's only because I take his word for it and kinda do trust him because I strategically asked to borrow 1 XMR from him, which he did (and paid him back), I know it's not much evidence but it shows at least some good faith, that doesn't mean he hasn't been paid to promote/push it - likewise in demoting and trashing emerging networks.

Regarding demanding source before payout, I will provide a response to that if there are any issues with final payouts for the project as it's a rabbit hole better left unmapped, realistically I don't have time to lay it all out in a way people can digest yet either at the moment.

[–] Kewbit@monero.town 1 points 1 week ago (1 children)

I can see how it might look like Hijacking of a project, I'm not sure how that applies to FOSS projects though, they own a twitter with all of their followers, if Google deems my content as valuable then it will rank my site (which btw is managed by a charity now, I dont even have DNS access to it but I will speak more on that later because it's a lot to cover).

Regarding your comments about Aloha being the only site listed, also an interesting find and I'm happy to explain why both mine and my business partner agreed together to black or greylist certain networks. There was at the time significant allegations and and 'drama' upon its release, at the time I didn't think much of it personally since Vik (owner of Cake Wallet) tweeted it out I figured some guy was just testing it out, but as time went on they made them selves known in Matrix and Reddit, I believe those conversations where all public, but from what I remember from the research I conducted before determining to blacklist them from being automatically included in the list, was that the conversation started on Matrix, and if you back track, or at least find the logs from IRC/Matrix, I'm pretty sure they are out there, you'll realise that it was an attack on Markis or the one who claimed to have operated it. Since it was the second server to exist, we did want to take the allegation seriously just in case they were scamming as per the significance of drama that was perpetuated behind it. After about 12 hours of carefully reviewing the code, we found nothing. It was clear, it was a strategic competitive attack from Reto associates, this completely goes against the philosophy of decentralization and federation. Why spend 4-5 years on a project and then have people behaviour like that and deem it as acceptable, it will tackle anti-decentralization and anti-federation behavour tactically in the interest of FOSS, sometimes that comes along with pissing powerful people off. What do you think a powerful person or group would do if they realised they had to share their potential profits with other Haveno federations? :)

Hence, I'm being held hostage for payment for what I believe to be doing the right thing.

Hence, other third party networks getting shut down buy social discredit and provable lies, namely Aloha in this case being malicious being untrue.

--

It's unsurprising you thought Reto was the only network, there have been a handful but they tend to get shutdown or deleted by mods almost immediately and then ultimately get removed from haveno.com because they chose not to keep the seednodes online anyway, it seems this Aloha are keeping them online anyway even though no one is using them.

[–] alphonse@monero.town 1 points 6 days ago* (last edited 6 days ago)

If there weer to be an 'about us' section to explain what the project is and where it came from, that would let people understand that you are not trying to impersonate the 'creators'.

Perhaps including reto in the network section would be a sign of good faith.

[–] g2devi@feddit.nl 3 points 1 week ago* (last edited 1 week ago) (1 children)

Thanks Kewbit. I hope this is a misunderstanding that can be resolved. That being said, it's unlikely many people will beta test a binary without source code, especially if the main reason to use Haveno is to avoid KYC. IMO, it's probably best to address the drama and move on. Since you're likely gun shy about speaking out, it's perhaps best to contact a diplomatic friend that can help express your side and why you don't feel comfortable releasing the code and what would it take to do it.

IMO, there would only be two reasons why you've sent out a follow up post here: (1) You were sincere but made some bad judgements (e.g. timelines, amount of work, how much XMR you needed, "life got in the way", overreactions that cascaded, the code is uglier than you thought and wanted to clean it up, etc) and you hope there's some way forward, (2) You're hoping to make more money either through binary back doors or selling data or convincing people to fund the rest of the project outside of CSS so you can scam them.

I haven't decided which conclusion to make. At the beginning of the last crypto crash most people were angry at the original Haveno team for halting work when the price of XMR crashed with many calling that team scammers. They made a poor judgement on pricing and could have avoided the drama if they priced their work in USD (paid with XMR). Of course, if XMR continued to go up they'd miss out on the USD gains, but fair is fair. Either you want security or risk. Choosing one and then complaining about not choosing the other isn't fair. When they continued their work once the XMR price appreciated and released, all past accusations were forgotten (I know I did until tried to remember an example) and they were and still are appreciated for their hard work.

If you are sincerely #1 and are able to express yourself reasonably, there is a way back. If not, #2 will be the conclusion most people will make and releasing the binaries without source code will reinforce this conclusion.

[–] Kewbit@monero.town 1 points 1 week ago

I appreciate you not jumping straight on the bandwagon with others :)

I surely hope it will be resolved too as I have about 200 XMR on the line thanks to 1 persons incessancy. I would say, do not make the conclusion until the software is delivered and working. Then all truth will be clear and hopefully the community will punish the real perpetrators.

I can make impulsive responses that don't work in my favour for sure, and that's mostly from anger and frustration with negative people, it's a weakness I know recognise and control very well. I can assure you on the life of my kids, that all my intentions are good, always have been, those I must say that the purchase of haveno.com was slightly strategic incase of non-payment, because you never know on the internet, it's a he said she said situation most of the time and no real guarantees, I guess my point is I can expose people with a recognised platform if I do in fact not get paid and then the good members of the community would recognise what individuals to avoid and hopefully make some positive change. It actually wasn't ideal for me to buy haveno.com because it was expensive, but someone has strategically registered haveno.app so it was unavailable and wanted to use that. Retrospectively, it's probably better that I got the .com now that it's evident there are (potentially) systemic issues in certain areas.

[–] XmrLovingAncap@monero.town 3 points 1 week ago (1 children)

Linking to haveno.com while the original haveno site is haveno.exchange. Also haveno.com links to the supposed mobile version without clarifying it obviously! Which contains telemetry?!

I'm not going to touch this until the drama situation is solved i.e. all source code is available. And I recommend everyone does the same.

Sorry kewbit IF you're in fact legit, but after I read how you behaved/reacted and acted with regards to CCS etc. I lost ALL trust I had.

Everyone, be careful!

[–] Kewbit@monero.town 1 points 1 week ago (1 children)

I will talk about drama only a little as I genuinely don't have time for it managing a multi-platform app, but if ultimately I don't get paid for it as promised then I will release a video highlighting corruption. A TLDR; is that ALL of the community drama was substantiated by a single mod on Reddit. He's goes by the name of ofrnxmr on Matrix, annoyingly I did realise all of my respond to this and then didnt save a copy of it, it was then pretty quickly deleted from Reddit. Since monero.town is controlled my Monerobull, I've decided this is the safest place to address any concerns, but only if there is actually a specific concern, I wont engage in nonsense unfounded drama. Please note I have filed a police report in my jusurisdication for him essentially using his platform https://basicswapdex.com/ as a way to convince me to download something to my PC from him when I was new to the community. Ultimately, he can can be considered a very strategic but unhealthy competitor for the 'spotlight' of trading. I have other conspiracies which I believe should be shared too... some well-founded with evidence and some are just gut felling. I may or may not gives these out. Just remember online not all is as it seems, and you should consider the codebase as proof, as I can assure you that any concerns you have with haveno.com I will address every single of them.

Why isn't anyone asking questions about prebuild binaries being in the Haveno Core I wonder?

        Map moneroBinaries = [
            'linux-x86_64'         : 'https://github.com/haveno-dex/monero/releases/download/release4/monero-bins-haveno-linux-x86_64.tar.gz',
            'linux-x86_64-sha256'  : '0810808292fd5ad595a46a7fcc8ecb28d251d80f8d75c0e7a7d51afbeb413b68',
            'linux-aarch64'        : 'https://github.com/haveno-dex/monero/releases/download/release4/monero-bins-haveno-linux-aarch64.tar.gz',
            'linux-aarch64-sha256' : '61222ee8e2021aaf59ab8813543afc5548f484190ee9360bc9cfa8fdf21cc1de',
            'mac'                  : 'https://github.com/haveno-dex/monero/releases/download/release4/monero-bins-haveno-mac.tar.gz',
            'mac-sha256'           : '5debb8d8d8dd63809e8351368a11aa85c47987f1a8a8f2dcca343e60bcff3287',
            'windows'              : 'https://github.com/haveno-dex/monero/releases/download/release4/monero-bins-haveno-windows.zip',
            'windows-sha256'       : 'd7c14f029db37ae2a8bc6b74c35f572283257df5fbcc8cc97b704d1a97be9888'
        ]

On page: https://github.com/haveno-dex/haveno/blob/master/build.gradle

--

Don't take this the wrong way, I'm not attacking Haveno or there developers in any way, in fact we are very cordial and work together well when needed, but I only trust what I built, I've reviewed all code, and decided to not hard code binaries like this into the application as it's impossible to audit, I had to fork the original Haveno project to remove these for the version of the core that the app uses.... You're welcome? I've taken extra lengths in general to make and keep Haveno MORE secure than before.

That being said, I don't want a business relationship or even association with a non-foss entity. (I'm sorry woodser) but Vik and Woodser have equity shares of Haveno in some context, and this well established. However my version of Haveno App is entirely 100% FOSS, with no strings attached, to converge the two (especially when I have been threatened to not be paid for my 4 months work so far from your funds. Therefore, I purchased the domain fair and square at market value from a genuine buyer which whether those mods or anyone else likes it, I am entitled to do, at least this way I can take responsibility for what I build, if it's from haveno.com you know its been evaluated by Kewbit, if it's from haveno.exchange you know it's been evaluated by Woodser or Vik, over time this will help you build trust with both, there is also a very clear disclaimer about this on the Github page for the app. You can understand why I say some of the things in the drama book that ofrnxmr aka snow on reddit aka PsychoticBird aka TrueBird on Matrix. He changes his name a lot but he seems to keep his main one linked to BasicSwapDex out of the drama for the most part. I wish I had time to divulge more but I'd like to move on to actual bugs and other concerns, I will try to uncover the monero corruption more if I am ultimately scammed, depending on how badly I am scammed, at the moment I can identify and provide evidence for individuals who are 100% scammers, others I am awaiting to see or need more evidence. All in good time though, as this is definitely something that the core monero can resolve internally if handled appropriately without making a public anncounement potentially devaluing the coin. I encorage fact checking on EVERYTHING, don't just take one persons narrative as gospel (yes even if they are a mod), you'll see the community and the growth of Monero generally improve over time then.

PS. If some mod deletes this one I will repost somewhere else.

[–] alphonse@monero.town 1 points 6 days ago* (last edited 6 days ago)

Generally I believe reproducible binaries should be the standard method.

It's interesting that you mention ofrnxmr. I've noticed a lot of community members having a very negative experience with him.

[–] ksilverstein@monero.town 3 points 1 week ago (3 children)

I appreciate the new release, but I'm not sure I'm comfortable with telemetry being collected for any reason.

[–] XmrLovingAncap@monero.town 4 points 1 week ago

Telemetry has no place in this. Without full source code and reproducible builds this could be spyware or worse for all we know.

[–] Kewbit@monero.town 1 points 1 week ago (1 children)

That's a valid point, I had left that in there from when me and woodser was testing however I am making another release tonight which will have that removed. It's already removed if you build from source however, and just to be clear, the telemetry was, either routed through tor or not routed at all and was to assist with the development bugs.

[–] Kewbit@monero.town 1 points 1 week ago
[–] baz@monero.town 2 points 1 week ago (1 children)

Perhaps opt-in to telemetry for debugging purposes? I personally won't run a bin or send any sort of data that calls home.

[–] Kewbit@monero.town 1 points 1 week ago

I decided to remove it completely, it just gives the 1 individual spreading hate and lies 1 more thing to capitalise in on. It was very useful for testing before publishing, but I don't need it as much as before anyway so it's cool.

[–] Kewbit@monero.town 0 points 1 week ago

I have now released*