You are viewing a single comment's thread from:

RE: Steem & BitShares Cryptographic Security Update

in #steem8 years ago

Hi. I'm Paul. I've consulted on some of @faddat's projects. I don't follow Steem development closely, because I'm not on the technical side. I am not a cryptographer, cryptologist, or mathematician. My background is in US taxation and networking/systems.

I think we should acknowledge that there's history. I've witnessed Jake agonize over this code, trying valiantly (does anyone use that word anymore?) to make Steem work from other websites. It's been frustrating for him, and also for many others who've poured a lot of time and resources into what they expected to be a straightforward task. And when he's spoken about it openly (as I would too) there's been some icy reception.

Ultimately, we're talking about his tone here. If he had said essentially the exact same thing without mentioning how unsettling he found it, we wouldn't be having this discussion. And if he turned out to be wrong, so much the better. I think all of us are happier knowing the blockchain is uncompromised.

If he comes off as brusque -- yeah, he does that. He gets a pass from me, because I know his intentions are honest. I also get it if you don't see that.

Can we put this behind us? The world needs blockchain technology, and it needs it badly. Any Steemit hackers are invited to come have a coffee with us here in Siem Reap. Let's make magic happen.

Sort:  

We have many JS libraries that could be used off the shelf that already implement proper canonical signature signing.

You are no doubt right. My intention with this post was instead to the address the lack of trust between the two projects (and indeed, in the broader crypto community). I think we can do better than we're doing.

I think the way in which we could do better is to all stop making excuses for @faddat's unwarranted tantrums and mudslinging.

The code is there for him to review, and all the demands he was making could have been resolved by him taking 5 minutes to read it. (He even had three experienced devs helping him in the comments in the linked thread.)

Instead, he chose to (in order): assign blame, be passive aggressive, play the victim, and then speculate about malice—without basis. We are all now aware of how productive these behaviors turned out to be.

He shouldn't have to speculate very much more to figure out why he is unwelcome in our Slack.

We welcome constructive feedback, positive and negative. This wasn't that.

We are a very small team and reading and responding to this sort of toxic behavior has tangible effects on our productivity.

he chose to (in order): assign blame, be passive aggressive, play the victim, and then speculate about malice—without basis.

Not to mention the DAWN project which I believe he is involved in and their recent cointelegraph article, with the timing in mind you could very well class this as pure FUD.

I read the article @abit linked below. It couldn't be more vague.

sniffs

"Is that vapour in your ware?"

No vapor is found at github.com/dawn-project/glogchain

And we'd be honored to have you as a user, @l0k1.

We didn't want to use javascript, @dantheman. We wanted to use go so we could integrate it on the back end and achieve more than a superficial integration. Since you wrote graphene in C++ I'm sure you know what I'm talking about regarding javascript vs actual systems programming languages like C, C++, java, go, or rust. Ain't no beef in the land of javascript by comparison. If you want beef, you've got to go lower level, and we wanted to build beefy steem integrations.

Please, don't tell me you think your js libs make it all okay, because I know that you know they don't.

Now that @baabeetaa has the answers he needed, we will be integrating on the back end, because @baabeetaa is a badass.