Disclaimer: I am a part owner of MoneyPot, which this product would be a competitor with.
That said, I would not do another project with Johnny. I gave him work a few months ago to build a site using MoneyPot's API (wagecoins.com), and not only did he completely whiff the timeline (a little over a week turned into multiple months), but he completely messed up one of the key features (rakeback function) to the point another developer had to be brought in.
I will ask David (the client in this case, owner of wagecoins) to leave a review here as well.
Interesting idea, although the moneypot work issue doesn't build much confidence in this project actually getting completed, would be good to see the response from the dev regarding this.
This is true. We had work assigned through AcoinL.L.C, the work had to be done for David (project owner). Unfortunately that timing was bad for our company because we lost 2 of our programmers that month (one of them left before, the other left in about a week after getting the work). So I took the job myself with my co-worker. We absolutely didn't met the timeline I must admit.
Despite all we're still in contact with David and I could say our relationship is good. We communicate at Skype (even today, we wrote him about our service and he really liked it). We've tried hard to actively resolve everything back then and I think there's no hard feelings between us and David.
BTW is this the same people from behind coindice? A while back I volunteered to help someone from bustabit who bought those scripts and had all their money stollen. If I'm not mistaken, this was the same outcome of all people who bought the scripts?
It was a while ago, so my memory is a big foggy -- but I believe that in a less than an hour I found 2 or 3 serious security vulnerabilities. I remember one was that you could use bets to undo the change in balance from a withdrawal (at the start of the bet processing it recorded the persons balance, and then at the end of the bet processing set the balance to $BALANCE = $OLD_BALANCE + $WIN_OR_LOSS_AMOUNT, which would overwrite all actions in the mean time (e.g. withdrawals). I think enough vulnerability was you could just DDoS the site, until the RPC would fail with "could not connect to username:password@host" or something, leaking the username/password). And I think there was another, but my memory is pretty hazy.
That said, no one is perfect and pretty much everyone fucks up things in one way or another (and that applies to me, I had a very serious screw up of my own). So I won't fault you for it, but I think that I lot can be learnt from how it was all dealt with. I never really followed it much after that, so what ended up happening? Did the script get fixed? And there now coindice sites operating without being hacked? Were people who bought the scripts reimbursed for the hackings, or at least for the money they paid for the scripts? etc.
That was our beginnings. It's true we've learnt security the hard way. And your information are correct. Anyway these days our scripts work with no problem and we also have some employees for security only. Most of the victims of our poor coding back then was compensated. All of them received at least the price of the script.
But as you say, it's a history. We've made some pretty big mistakes, but I see it as good thing we could learn from. Now we have pretty skilled team of security guys we're working with every day and everything is properly tested. Security is more important for us than enything else.
