IT head leaving the project
Dear Assembly, colleagues, brothers and sisters,
this is @proframa, head sysadmin and developer at BotC until now.
As announced, I'm leaving the project and the present document reviews the period August 2018-January 2021 while involved on Faircoop, Faircoin & BotC.
I'm writing this as an issue, to keep it as reference for a good follow-up in case there is interest. This should have been a standard practice for many other topics which were discussed on many Telegram Groups. I've insisted on it several times to no avail, and still believe it's an obstacle for this community to properly address many issues which remain unresolved or even invisible.
The aim of this document is to provide a reflection, always from my personal perspective, as a regular member-user of BotC since around October 2018 and head responsible of the underlying technology which makes BotC work, unofficially since October 2019 (when I first got root), and officially since January 2020 til sometime soon after January 2021, with the hope that people taking it from here, can have more elements than those I had, to move around and find agreements or take decisions.
This doesn't intend to be an essay, report or scientific paper. It's basically written as the story seen directly from my eyes. I didn't know of a better way to present it and decided to invest no more time on all this.
Introduction & how I joined Faircoop/BotC
Just to provide some context to understand who is writing this and hopefully why you are reading it:
I went first online around '94, set up our school's BBS around '96 and worked on one of the main ISPs (Internet Service Providers) in Argentina in '99 at around 19 years of age. After the major financial crisis in my country by December 19 & 20 2001, where banks kept the money of people, I left in May 2002 to Barcelona and got connected to the hacktivist scene, where I began collaborating with different organizations around Europe, including Dyne and Indymedia and many others.
There are good old friends around here like @feeldown, @rasobar, @encosianima, @fsfonseca and @Jaromil_Rojo and probably others who can validate my words, or at least big part. Just as a note, and it's not minor, with some of them we are not currently speaking, which is just one example of part of the community rupture. I think it can still be repaired.
Around June 2018 I've quit a software startup project in Barcelona -where I was a stakeholder- because it was terribly managed and I was just wasting time. So I left and was planning to start a surf trip living on my camper van around north of Spain for undetermined time, while searching for interesting projects to work on, and even thinking of working on agriculture. Ask the universe and it will provide: one day by chance, while still in Barcelona @feeldown appeared at my lab -after not seeing each other for more than 10 years- and it's when he introduced me to Faircoop, Faircoin and Botc. I delayed my plans and we drove instead to Novi Sad, for Faircoop's Summercamp in August 2018.
Faircoop tour started on fire, for good and for bad
In Serbia I met amazing people and enjoyed a lot collaborating with them. To mention some @Michalis_K, @ivanans, Moki, @sporos. With some we've done very concrete collaborations contributing to Faircoop and Faircoin, and with some we still collaborate til today. There I met Moki, and developed a great relationship, to the point I kind of adopted him as a brother. Then he stabbed all of us on our back when he literally stole 26 ETH and some BTC. Note that I warned @Enr1c that all of Moki's credentials should have been removed when it was decided that he would no longer continue on the developer role, as a consequence of not responding and never being available along the ~5 months I tried hard to get his cooperation to understand the whole BotC software and infrastructure, for which absolutely no documentation existed. My request was denied on the basis that he should still help understand the system, but evidence showed since the beginning he was not willing to share that information.
Back to Serbia, I recall the previous days, weeks or months before the meeting, there were already some claims about the financial situation and figures not looking in shape enough to spend on the organization of that event, among other topics like OCP, Usefaircoin and Fairmarket. Sometime around those dates it was announced that the Faircoin to Euro exchange was being stopped.
One day during the Summercamp, a group of people who are also part of BotC, and was unhappy with many aspects of the organization, presented themselves as Komun, with a set of alternative tools for those being developed at Faircoop. This moment seemed to set a breakpoint where the community somehow split between those who support @Enr1c and those who don't.
The disagreement and violence between the two major Faircoop groups got to really high levels, with episodes that can prove that, some people know them and they could even be found on the Telegram groups. I was myself involved in some of these aggressions and I regret about how I acted myself at several occasions.
Around May 2019 we organized a winter hackathon at Dezentrale in Jura, Switzerland, where there was not a single line of code as outcome, but rather a bunch of lists of problems and potential solutions, which was followed-up by some compas for a while but I don't recall many conclusions other than keep focused on productive projects, which could have some cashflow and from there hopefully help funding sister projects. For that reason we tried to re-develop coopfunding but that project sadly failed before having any alpha to try and with a poor project management or even teamwork, again.
Soon after I decided to leave all Faircoop groups and stayed only in Freedomcoop and BotC, as they were my toolkit to work as an independent worker and currently play an essential role for funding my ultra low-cost lifestyle. I plan to document about it on a separate document.
Some comments about Coopshares
Some may remember Coopshares, and some know that I was responsible of leading the project for a while, where I've dedicated quite some time on research, meetings and experimenting with Social Wallet and Fairchains, two really cool projects. I even travelled to Dornbirn to meet personally with Thomas König. For #Transparency, I got paid €1500 and accommodation in Amsterdam for some weeks around January 2019 to work with Aspra from Dyne, author of Social Wallet.
We started collaborating with John S. and had some organization meetings, but we discovered the model's design was not enough thought and it required more work, at the same time that BotC infrastructure and software needed a lot of attention and added to that, there was the complex layer and topic of OCP which was mostly adding noise to the architecture design. In any case I've stated myself more than once, that I was under skilled for such a complicated project, and there didn't seem many people keen on cooperating on it apart from John.
In the end we dropped Coopshares and @Enr1c took a different path with some organization called Chromia, from which I personally don't know of any outcome either. I must admit it was a pretty complex project, and the technology we had to deal with, and the team, was far from optimal (@bumfresh on OCP and Moki on Chip-Chap software and me with zero experience in cryptos).
Let me highlight the "under skilled" thing, as it's a repeating pattern that I have noticed on several projects around here. For example Onix was under skilled to develop Usefaircoin map on Wordpress, @bumfresh was under skilled for OCP, and Moki was under skilled for BotC. He had for instance zero experience on linux shell, servers setup or system administration, he was just a PHP programmer and especially experienced on carding (credit card fraud). I don't know if the closest to him knew this before offering him for the role at BotC.
Becoming root @ BotC
In October 2019, @Enr1c asked for help with some old servers inherited from Chip-Chap where they didn't have root access to, and we had to recover them via the good old init=/bin/bash kernel parameter -which I taught to Moki- after managing to export all private keys thanks to a design flaw on Chip-Chap setup, which allowed unrestricted RPC calls directly to the crypto nodes. For the record: there should be a wrapper around the node, which should export only the relevant methods for executing the minimal required operations from the wallet, like generating addresses or sending a tx. Someone should address this in the future, and include some logging for debugging or audit purposes.
That was the first collaboration between Moki and me directly on BotC servers, but it was not that smooth. The guy was never available, and when he was it was mostly from phone, so it was really hard to work as a team. It was not the first time he failed to provide cooperation, the first proof was when he delayed for weeks in replying how to setup the coopfunding development environment which @bumfresh can confirm was so. (Hint: the software was based on some code he had from another project and convinced us to use).
No team, and suddenly no funds
Since the assembly (?) decided to remove Moki, I absorbed the responsibility of his role, having to learn by reverse engineering everything because there was absolutely no docs and he left before explaining anything, running away with all of the "common funds" which evaporated in a single operation, while I warned his access must have been removed since the moment he was removed from the role due to not fulfilling his compromise.
IMHO this is a very serious mistake, not to call it negligence, because while knowing the situation, Moki was given the last ETH to recharge the hot-wallet for a member to cashout, and it was supposed he would explain to me how it worked, but instead he preferred to do it and didn't explain enough, especially about fees and gas. And some hours later after doing the recharge, he has taken himself from that payout address all of the available balance which was like 26 ETH. The job to try confirm it was Moki was pretty dense, and it took also some time to audit and secure all servers. But the funds were already gone. It was a pretty complicated job to investigate what happened, and what exposed him most clearly was the high fee price paid by both the recharge and his cashout operation, which makes it complete faster, of course. Later through some contacts we found more information which helped narrow down the possibilities even further. It was also quite obvious his unsurprised reaction and lack of cooperation to try discover what happened.
Stolen funds made us stronger: BotC imMunitech got born
After the episode of stolen funds, I've personally issued an invite on BotC Tech to call for technically skilled people to join and actively work and collaborate with the project. I must say that was the best group ever from all those I've been part of around Faircoop, Faircoin, Freedomcoop or BotC. There we regularly have healthy communication, exchange of knowledge at really top level, help each other and contribute to understand, resolve and maintain many aspects of BotC's underlying tech.
We've been doing a great work together, and probably only those who are part of that group, are real witnesses of what was done here along the whole 2020.
One of the last hopes
One of the last hopes to help BotC take off was to complete the new frontend, which again was a failed project, where mainly @Enr1c and Moki were responsible and some mess happened with Wex. After some time where @reprograma and me have been collaborating to maintain and keep updated the libs and framework for the new frontend, with the aim of preparing the terrain for welcoming new developers, @reprograma and me discovered we had a friend in common, Marcelo, who was actually recently introduced to flyp.me by me to complete their frontend, and later implemented the new redesign for Holytransaction, so he was our best candidate to complete BotC's too. So we started conversations and I have assisted him to install the development codebase and run and compare it to the production (legacy) frontend, in order to understand the project and what we had to achieve.
Some days later he presented an estimate of €1500 to complete the project, but as a surprise, with the loss of (stolen) common funds, it was impossible to pay that amount, even the calculations climbed to above €3000 available budget for BotC Tech. It's funny that @Enr1c knew these conversations were underway and expecting the proposal, but never mentioned the lack of funds to pay for it until it was presented at the assembly as agreed between us in advance.
Needless to say how shameful it was to tell that to the candidate when we had everything ready to start if his proposal got approved. So we had everything except for the funds to complete that critical project which was dormant for about a year or more.
The last intent
In the last months of 2020, we've joined an initiative proposed by @fair007 to try reorganizing BotC, based on a methodology called Sociocracy 3.0. After spending times and meetings, we noticed nothing was going to change because many aspects were only covered by @Enr1c and he wouldn't share the responsibility or even the information required to understand the project's situation.
I won't go into many details about this process, but in summary, we decided to drop it, mainly because @Enr1c didn't show enough enthusiasm and cooperation, missing 2 out of 3 meetings without further comments.
The failure of this initiative made me lose all hopes of improving BotC.
Funds blocked and the eternal claims
Not only all intents to make BotC better were failing one after the other, but to add, it turned that by the end of 2020 some members started to complain about not receiving their SEPA cashouts. At the same time, old names like @tereseta or @rossinyol came back with the old claims of missing funds even mentioning an old project of @Enr1c called CIC and some hot discussions around the eternal loop started. Maybe it's eternal because it remains unresolved.
I left Faircoop because the atmosphere made it impossible to work focused or have reasonable discussions with agreements on how to address the many issues. Sadly, this scenario is back at BotC groups.
What about transparency?
It's possible that the claims are right reasonable, but there's never a common agreement between the community, and it's mostly a dialogue from a group with @enric. No idea how many people are waiting for funds and how much really corresponds for them to get back.
I've heard some of those who claim have done juicy fair->euro exchanges while it was still available, and IIRC from cheap Faircoins, since they were there at the beginning. Even if I have access to all BotC databases, for ethical reasons I don't look what's in there. I would rather prefer that people who claim, decide to share their balance history. Or how can we prove that without violating privacy? Is it wrong that someone exchanged more than others? Maybe it's something impossible to control. Probably a design bug on the system's logic.
BTW, my balance history was shared on some issue, and I'm ready to attach my updated balance history dump for inspection.
As an extra #TRANSPARENCY step, I've been thinking since a while about sharing our kind of "resources sheet" where we list all belongings, including all kind of assets from bank accounts to vehicles, cryptos or properties. Surprisingly at CHT, Fuerteventura ( https://totalism.org/ ) I met this guy from ex-Yugoslavia who introduced me to their "financials template" which I've recently filled and shared on their group:
In summary I don't have any wealth other than my van, some FLYPME tokens (as I've developed their frontend) and during all 2020 until now €500 a month from BotC. I'm far from becoming rich working here, but I can't complain, I've learned to live really low-cost, working on solar energy from my van in front of surf spots in the Canary Islands, and somehow BotC helped on this process.
Can we all open our numbers? If not: why?
Summary of work done for BotC
Due to the nature of the project, and following agreed decisions, the source code and documentation of software operation as well as sysadmin information and infrastructure documentation remains classified, but some general details can be shared.
This is the list of repositories we've created and maintained with @tonyford:
Some repos were inherited from Chip-Chap and some were created by @proframa and @tonyford.
crypto-manage holds scripts and tools I've developed to operate crypto nodes. This repo could probably be made public as it does not contain any sensitive information like passwords (they are handled via local config file)
botc-sysadmin holds sysadmin scripts and docs imported from old Gitea project:
- BTC_FORWARDER_SERVER.md
- DB_DELETE_CARD.md
- DB_ETH_BALANCE.md
- DB_OPERATIONS.md
- DEPLOY_FAIRCOIN_FULLNODE_AS_A_SERVICE.md
- GENERAL_DOCUMENTATION.md
- SERVER_ACCESS.md
- SERVER_BACKUP.md
- SERVER_SETUP.md
- WALLET_RESET_KEYS.md
More documentation on the wiki:
- Change BTC fixed fee
- Connecting wallet API to geth node
- Cryptonodes Management Notes
- Ethereum Workflow and Operation
- How to Install latest LXD on Debian
- Parity config
- Servers setup
- Wallet Software Installation
- development workflow
Note that the 'Wallet Software Installation' wiki page was created (incomplete) by Moki.
It's advised that all docs be put on the same place: either repo or wiki.
A summary of commits follows:
- More details of all the above can be found on the private projects listed above.
Ideas, observations, random comments
If the model is dependant on someone taking the risk of using their name on the different platforms like exchanges, banks, legal structures, etc. then it may make sense to find more people who are willing to share part of those risks with @Enr1c. If that's not possible, it seems we're in a dead-lock and dependant on the only person
The assemblies had serious shortcomings like the lack of a clean methodology to keep track of the agreements by anyone. There are a bunch of pads laying around with assembly notes, but I'm sure everyone will agree that it's pretty chaotic and impractical.
Part of the original idea of BotC, as I understand, was to create a bank for a Fair Economy, but it currently looks mostly like an alternative fiat bank with support for cryptos and exchange between all those. It's pretty handy, if it hadn't so many glitches with delays, and would work smooth, with a proper UI/UX, it could compete with services like Revolut which is massively successful.
The monthly balances presented by @Enr1c, make it evident the lack of experience on accounting.
Communication with @Enr1c is complicated, sometimes cryptic, incomplete or confusing.
@Enr1c cannot lead any software project. He doesn't know how to do that or write software specs, and tends more to confuse developers. I can assure this for example when I started reading the chaotic docs of Coopshares.
Someone please add the positive qualities as I'm unable to see them right now, but I'm sure he has.
@Enr1c could probably fit better as PR, and use his image as Robin Bank to promote the project. I believe we should be able to attract fair investors and should avoid "pirate operators" to stay away from any potential criminal connection.
Bigger operations could and should be operated on separate accounts from the "community shared" ones, to avoid potential lock of funds requiring documentation to justify them.
Funds could be stored on a stablecoin?
Are we all conscious of what it means to offer a custodial service where we hold funds of people? I don't think so.
Are we aware that the funds are being managed by someone with a known record of losing funds? There is a big case which touched me from close, and I will limit myself to mention just "Milano BBQ" where our friend lost 10+ BTC when scammed in a strange operation he was warned about by a contact of mine who was potentially lending some BTC to fund the lost liquidity of Faircoop in a desperate move. Some people around here know the case better than others, and still better than me. The other case is Moki's episode. And there may be others we don't know.
An approach we've discussed on different groups could be to share the code along with documentation and installer scripts with interested parts of the community who would like to start their own BotC instances.
Note that to do a webwallet with fiat, with all correct, it would be necessary to comply with a lot of regulations including AML (Anti Money Laundering). This is a tedious process from what I know.
There seems to be a "declaration of intentions" but there is no visible introspection or review to compare the goals against the current results. There are no responsibilities for the wrong decisions?
There is no projection for the future of this project, and I don't think there will while @Enr1c keeps his many roles for himself. Help was offered in numerous times, and it's been repeatedly rejected.
It will always be possible to seduce new people, but those who worked with @Enr1c, we know what it means and how it goes.
Some day someone should admit that OCP had no real use for BotC. The crappy "feedback box" to provide user support is the most nasty solution I could ever imagine. So obsolete. So OCP was only used for accounting member's shares and user support. I've insisted multiple times this should be replaced, to no avail.
We have started an internal audit, but then I realized that we would certainly find holes on BotC's figures, because we can bet the accounting was not managed in a methodic and organized fashion. So what to do with that? We could still complete it I guess, but @tonyford and me, who were leading the task, got really demotivated and see it as a waste of time. Me personally, I don't want to play the detective again like when I did during Moki's episode. We've even found some anti-fraud tools around Neo4j to track blockchain TXs, but honestly, I don't want to get there or invest time on it. That's not part of my job, not on my skills and not on my interest. I'm hereby quitting from administering cryptonodes dealing with funds of people.
We have also started to try pulling some useful data from the databases to produce some meaningful graphs. See #105 . There @eloyesp helped a lot, and we seem to have concluded, if the calculations were correct, that there is an average of 40 users moving an average of €50k per month. I'm not sure who those 40 people are, but certainly there were never 40 people active on the assemblies. So for the people to whom BotC works and serves their purposes, they may want to try find agreements to solve the many problems around the project. Otherwise, instead of members, they are just users. Like customers. Like in any other commercial project.
The project now has the difficult task to find someone (or a team) to take care of the software and sysadmin. Fortunately, there is a lot of documentation and we could still produce some more as needed.
I announced my departure to be completed within the first 3 months of 2021 basically to let the project introduce someone to replace my role and cover the financial gap from leaving the project.
Beginning of April latest, all of my access credentials should be removed at least from critical infrastructure, and all private keys regenerated. This is a protocol step to avoid any space for doubts in case of lost funds (like the episode with Moki) which could implicate me.
To be clear: since the moment my credentials (root or any access) are revoked and private keys are replaced, I will automatically stop being responsible for any crypto operation happening on BotC's nodes.
I may stay as a normal member using the service as long as I see it working reasonably and if discover any bug I will report.
From this moment, and until I'm fully out of the servers, the following are my conditions:
I will limit myself only to the original deal, which was servers administration, to make sure everything stays running. No more code, no more bugfixing.
I don't want to touch crypto funds anymore. The recharge of the Ethereum payout address is done by hand each time a member needs to cashout. I refuse to remain on call for that duty, but I will remain available to solve server issues, maintain backups, security updates, etc. This means ETH transactions won't be possible if they depend on me to move funds from users' addresses to the main address. I don't have any proposal to solve this, other than speed up the replacement for my role, and I'll train that person on the dev environment. Once ready, I may remain on dev, add the new admin to production and remove myself from it. If anyone has a better idea, I'm open to hear. Maybe the alternative is to use BTC instead. See #107
I make myself available to the assembly to clarify any doubts or questions which don't compromise other members' privacy, however I will not remain on any group except for "imMunitech" and "Core", and will leave "Core" once my credentials get removed. If the assembly needs to speak with me, I suggest they agree on a date to call for a meeting, or assembly, and I will be there. I'm available also for videocall if needed.
I will outline a document with what I think are the skill requirements for an individual or team to take the role, and general aspects to consider from the candidates. See https://git.fairkom.net/faircoop/BankOfTheCommons/BotC_Overview/-/wikis/BotC-Tech-role-description
I will try to review and update all open issues with the most up-to-date information for the next responsible person to handle them.
There are probably more things to say, but I have no more energy. Writing this document took me multiple hours across several days, in addition to many days of all topics spinning around my head.
I'm sorry if I couldn't do more. I thought I would help a lot of people while doing this project, but this looks like not going on the right course, not in my opinion, and it currently seems I'm of more help, collecting from microplastics to numerous random trash from the surroundings of the shores, between the rocks and the sea, which is where I'm currently roaming and plan to continue long-term.
Let's keep the channel open to see if we can find new forms of collaboration.
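
The wrapper recommended under "Becoming root @ BotC" (expose only the minimal wallet methods in front of the node, with audit logging), shown here as an added example that is not part of the original post or of BotC's code. The Bitcoin Core-style method names, the `MAX_SEND` ceiling, the caller label and the `forward` callable standing in for the real node connection are all assumptions.

```python
import json
import logging
from decimal import Decimal, InvalidOperation

audit = logging.getLogger("rpc_audit")

# Assumed per-transaction ceiling for the hot wallet (constructed value).
MAX_SEND = Decimal("0.5")


def _check_no_params(params):
    return None if params in (None, [], {}) else "method takes no parameters"


def _check_send(params):
    # Exactly [address, amount]; optional node arguments are not exposed.
    if not isinstance(params, list) or len(params) != 2:
        return "expected [address, amount]"
    address, amount = params
    if not isinstance(address, str) or not address:
        return "address must be a non-empty string"
    try:
        # NaN and non-numeric values raise here and are rejected.
        in_range = Decimal(0) < Decimal(str(amount)) <= MAX_SEND
    except InvalidOperation:
        return "amount is not a number"
    return None if in_range else "amount outside allowed range"


# The only methods the wallet may call; everything else is denied by default.
ALLOWED = {
    "getnewaddress": _check_no_params,
    "sendtoaddress": _check_send,
}


def _error(req_id, code, message):
    return {"jsonrpc": "2.0", "id": req_id,
            "error": {"code": code, "message": message}}


def handle(raw, caller, forward):
    """Validate one JSON-RPC request and forward it only if allowlisted."""
    try:
        req = json.loads(raw)
    except ValueError:
        audit.warning("caller=%s decision=deny reason=unparseable", caller)
        return _error(None, -32700, "Parse error")
    # Batch arrays are refused so a denied call cannot ride along with an
    # allowed one.
    if not isinstance(req, dict) or not isinstance(req.get("method"), str):
        audit.warning("caller=%s decision=deny reason=invalid-request", caller)
        return _error(None, -32600, "Invalid Request")
    method, req_id, params = req["method"], req.get("id"), req.get("params")
    check = ALLOWED.get(method)
    if check is None:
        audit.warning("caller=%s method=%r decision=deny reason=not-allowlisted",
                      caller, method)
        return _error(req_id, -32601, "Method not found")
    problem = check(params)
    if problem:
        audit.warning("caller=%s method=%s decision=deny reason=%s",
                      caller, method, problem)
        return _error(req_id, -32602, "Invalid params")
    audit.info("caller=%s method=%s decision=allow", caller, method)
    # Rebuild the request from validated fields so no extra keys reach the node.
    clean = {"jsonrpc": "2.0", "id": req_id, "method": method,
             "params": params or []}
    return forward(clean)
```

For this to be effective the node's own RPC port has to be reachable only by the wrapper, not by the wallet application.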