[XMR] Monero - A secure, private, untraceable cryptocurrency

[dEBRUYNE]

I use linux 64 bit cli only.
Going through the ridiculously complicated verification procedure now.
Just finished section 3.2 of these instructions:
https://src.getmonero.org/resources/user-guides/verification-allos-advanced.html
Section 4, download and verify binary, directs you to get the file via command line

Code:

wget -O monero-linux-x64-v0.12.0.0.tar.bz2 https://downloads.getmonero.org/cli/linux64

But after executing the command, I notice it's version 12.0.0.  So is the correct command actually

Code:

wget -O monero-linux-x64-v0.15.0.1.tar.bz2 https://downloads.getmonero.org/cli/linux64

?
And where did the file go, if it's not in the downloads folder?
I just did the point-and-click download of the cli file from the getmonero.org website
and monero-linux-x64-v0.15.0.1.tar.bz2 appears in the downloads folder.
So I am going to go back and do the command

Code:

wget -O monero-linux-x64-v0.15.0.1.tar.bz2 https://downloads.getmonero.org/cli/linux64

continue following the instructions, and hope for the best I suppose.

Code:

a@galliumos:~$ shasum -a 256 monero-linux-x64-v0.15.0.1.tar.bz2
8d61f992a7e2dbc3d753470b4928b5bb9134ea14cf6f2973ba11d1600c0ce9ad  monero-linux-x64-v0.15.0.1.tar.bz2
a@galliumos:~$

And now the instructions say
Your SHA256 hash should match the one listed in the hashes.txt file for your binary file.

 Where is this file?  Yeah, I'm going to look for it, but I shouldn't have to.
Ok, scrolling back, I see that in step 3.1 I downloaded hashest.txt
It's not in downloads.  Where is it, or is somebody going to imply that I'm simply stupid for not having the answer?
I'm starting to get annoyed, and I've been involved with this coin since the very beginning, spring 2014.
Somebody needs to make monero usable or nobody's ever going to adopt this coin except total freaking nerdheads who live in bubbles.

Okay, since I don't know where my hashes.txt file is, I go to getmonero.org to see the hash for 15.0.1 linux cli only.  It matches the result of the shasum command, so I guess it's safe to continue.
Just one little problem.  The zip in downloads is the one I downloaded from getmonero.org through the browser.  Where is the binary that I downloaded through the cli?
Ah, I see it's in the home directory (along with 12.0.0 that I downloaded as a result of naively copy-pasting the command in the instructions, and which a less alert person might have installed unthinkingly LOL).  
And of course another stupid mistake I could make would be to use the zip which is in the downloads folder, and isn't actually verified.

So there you have a narrative of what happens when a normal human being attempts to RTFM and use monero properly.  It's not a pretty picture.

You don't necessarily have to use wget to download the binaries. Put differently, you can simply download the file (.tar.bz2 for Linux 64-bit in your case) from the website.

The hashes.txt file is present on the downloads page. You need to save the content to a text file on your local system.

You should check the hashes.txt file against Fluffypony's GPG key. Merely checking the SHA256 hash is not sufficient, as an adversary could replace that.

Admittedly, the guide could use an update. That being said, there is a limit to how easy verifying the GPG signed hashes can be made. However, moneromooo is working on a secure updater/installer for Monero, see:

https://github.com/moneromooo-monero/monero-update

[Millionero]

The hashes.txt file is present on the downloads page.

"Page" sounds like a website.
Again, where exactly is this hashes.txt file?

[Hueristic]

The hashes.txt file is present on the downloads page.

"Page" sounds like a website.
Again, where exactly is this hashes.txt file?

I think he means you have to grab the text and create the text file yourself. It's easy.

Dos command for n00bs on winblows:
Copy con hashes.txt [entr]
paste text here
[f6 key]


Are you trying to make it look complicated?
They can also just paste in notepad (or any "Basic text editor like TED for Dos) and save but not anything like wordpad that adds control characters.

Doesn't everyone know this stuff?


Why make it easy for n00bs when we can just shovel up a tough to check binary that's infected?
Its not like someone profited from that right?

Holy God.  Is there no escaping this demented creature?

Ignore Button?
You can also use the report button for trolling.

[Millionero]

Not helpful.

[elrippos friend]

Not helpful.

https://src.getmonero.org/resources/user-guides/verification-allos-advanced.html

Point 3.1. Get hash file

wget -O hashes.txt https://getmonero.org/downloads/hashes.txt

[Globb0]

If the file can be compromised then presumably they could compromise the hash too.

[dEBRUYNE]

The hashes.txt file is present on the downloads page.

"Page" sounds like a website.
Again, where exactly is this hashes.txt file?

See the link elrippos friend posted. The link is displayed on the downloads page.

[dEBRUYNE]

If the file can be compromised then presumably they could compromise the hash too.

Verification of the file against Fluffypony's GPG key would fail though.

[Globb0]

aha right thanks

[gembitz]

If the file can be compromised then presumably they could compromise the hash too.

Verification of the file against Fluffypony's GPG key would fail though.

Fluffypony is the mark?    lol 

[elrippos friend]

If the file can be compromised then presumably they could compromise the hash too.

Verification of the file against Fluffypony's GPG key would fail though.

Only if the GPG key displayed on the webpage is not compromised 

[Hueristic]

If the file can be compromised then presumably they could compromise the hash too.

Verification of the file against Fluffypony's GPG key would fail though.

Only if the GPG key displayed on the webpage is not compromised 

Actually a pretty good point.

Maybe he should tweet the Key and have a link to it on the site and then they would have to hack a much tougher target to push a verifiable bad binary.

[GingerAle]

Monero got ranked #1 coin to watch by CoinCodex!

https://coincodex.com/article/6082/top-3-coins-to-watch-november-25-december-1-2019/

ugh, those other two it is with though... make me question that list entirely. Its like its still 2014... 2016. Yeah, this is more like 2016.

[elrippos friend]

If the file can be compromised then presumably they could compromise the hash too.

Verification of the file against Fluffypony's GPG key would fail though.

Only if the GPG key displayed on the webpage is not compromised 

Actually a pretty good point.

Maybe he should tweet the Key and have a link to it on the site and then they would have to hack a much tougher target to push a verifiable bad binary.

Just upload the key to several key servers and keep it verified 

[Hueristic]

If the file can be compromised then presumably they could compromise the hash too.

Verification of the file against Fluffypony's GPG key would fail though.

Only if the GPG key displayed on the webpage is not compromised 

Actually a pretty good point.

Maybe he should tweet the Key and have a link to it on the site and then they would have to hack a much tougher target to push a verifiable bad binary.

Just upload the key to several key servers and keep it verified 

That wouldn't hurt but for the mainstream crowd a simple tweet would be easy to find and then Twitter would have an actual use case.

[elrippos friend]

If the file can be compromised then presumably they could compromise the hash too.

Verification of the file against Fluffypony's GPG key would fail though.

Only if the GPG key displayed on the webpage is not compromised 

Actually a pretty good point.

Maybe he should tweet the Key and have a link to it on the site and then they would have to hack a much tougher target to push a verifiable bad binary.

Just upload the key to several key servers and keep it verified 

That wouldn't hurt but for the mainstream crowd a simple tweet would be easy to find and then Twitter would have an actual use case.

Probably yes, but a packet repo'ish update tool would be the better idea to check the integrity of the files downloaded and installed on the users system 

[Hueristic]

If the file can be compromised then presumably they could compromise the hash too.

Verification of the file against Fluffypony's GPG key would fail though.

Only if the GPG key displayed on the webpage is not compromised 

Actually a pretty good point.

Maybe he should tweet the Key and have a link to it on the site and then they would have to hack a much tougher target to push a verifiable bad binary.

Just upload the key to several key servers and keep it verified 

That wouldn't hurt but for the mainstream crowd a simple tweet would be easy to find and then Twitter would have an actual use case.

Probably yes, but a packet repo'ish update tool would be the better idea to check the integrity of the files downloaded and installed on the users system 

I don't know enough about it to make an informed decision on how safe that is so hopefully a Dev can chime in. @smooth

[wwzsocki]

snip

Despite everything, yesterday one of biggest Polish crypto exchanges BitBay announced delisting all Monero trading pairs.

This is a huge announcement for Bitbay because Monero trading pairs are responsible for 95% of volumes on this exchange.

You can read more here: https://bithub.pl/wiadomosci/gielda-kryptowalut-bitbay-monero-regulacje-anonimowe-kryptowaluty/

So this is not fully true that:

The FATF guidance does not even prevent privacy coins from being listed on an exchange, as long as the exchange enforces KYC/AML for the users.

because BitBay is for sure as regulated as possible in Poland and still has to delistMonero until February of 2020 to be able to comply with the new regulations.

As I said 95% of volumes on this exchange are because of Monero trading pairs and in many interviews BitBay CEO stated that this can be the end for this exchange and if they don't then anyways will be closed by authorities or face very high financial penalties which is also not acceptable.

[CryptoMaxit]

More and more exchanges have decided to remove monero from their sites.

This has affected Monero, but then will affect Bytecoin and other projects that use Crytonight.

What's the next step? Is it time to update the technology and go for Cryptonigh DEXs?

snip

Despite everything, yesterday one of biggest Polish crypto exchanges BitBay announced delisting all Monero trading pairs.

This is a huge announcement for Bitbay because Monero trading pairs are responsible for 95% of volumes on this exchange.

You can read more here: https://bithub.pl/wiadomosci/gielda-kryptowalut-bitbay-monero-regulacje-anonimowe-kryptowaluty/

So this is not fully true that:

The FATF guidance does not even prevent privacy coins from being listed on an exchange, as long as the exchange enforces KYC/AML for the users.

because BitBay is for sure as regulated as possible in Poland and still has to delistMonero until February of 2020 to be able to comply with the new regulations.

As I said 95% of volumes on this exchange are because of Monero trading pairs and in many interviews BitBay CEO stated that this can be the end of this exchange and if they not have to for sure they will not do it but if they don't then anyways will be closed by authorities or face very high financial penalties which is also not acceptable.

[Globb0]

No, I think its time to delete you fake shill account instead.

HTH