What would you rather we talk about?
Where you go from here.
-You very nearly released a market with a critical bug. The SDC Team has pushed headstrong into dev of market before really testing/peer reviewing the anon.
-Could there be more critical bugs?
-If Tecnovert is no longer in the picture then how will SDC manage without a cryptographer
-Asking why an official Team blogpost was released prematurely claiming anon unbroken when in fact was broken.
-Asking why The Team could not find the bug after 10+ hrs of internal testing without more help from the bug finder.
-How to reassure users they can trust the anon?
i.e. some attempt to learn from mistakes made. pretty basic stuff really.
I can't say anything thing else than this man is telling the truth. The dev(s) made huge mistakes. Shadow is a big disappointment for guys like me, who have invested a lot of money in shadow for more than a year. There is actually one thing, I don't really understand, why are there still so many buyers? After the news, I expected SDC to go minus 80% or so. Is this problem so easy to solve?
Putting it all together, the big mistakes, the time we have been waiting, I only can conclude this project looks very fragile.
Nah, Shadowcoin is completely fine. The issue has been vastly overblown, aimed for maximum damage towards Shadowcoin. It speaks volumes how a FUD army of newbie accounts comes in to talk shit about the project, and promote their own. (In this case Monero) If anything, I'm disappointed that parts of their community can behave so lowly.
By nature, no software is secure and claiming otherwise is naive. Bitcoin, Monero, Shadowcoin, Dash, cannot (and do not) claim that their security is impenetrable. Human mistakes happen and code is imperfect. Most serious cryptocurrencies (including Shadowcoin) even have a bug bounty program for this precise reason.
While I'm glad Shnoe pointed out this major security flew, he went about in the wrong way. The standard professional (and respectful) course of action is to resolve security issues in a private manner -not by making a public blog post about it. Privately exposing bugs is not about "withholding information" or "hiding incompetence" or anything of the sort. People privately expose bugs to reducing the chance of exploiting the bug, and giving the developers time to properly resolve the bug.
Now give Shadowcoin some leniency, stop spreading FUD, and move on with your life.
Smooth already pointed out that it's not the best way to make it privately and in my eyes he is absolutely right with that:
code: You're wrong about the minimizing the damage. I get what you're trying to say, but you occasionally leave out the possibility that such disclosures can cause (financial) damage without even having to be true.
There is no way to minimize the "financial damage" by reporting it privately, except to allow insiders to trade ahead of everyone else. Brilliant idea.
If the report were untrue, that would be a different matter. It certainly was true. If anything, more financial damage was caused by the false "Deanonymized? Nope" statement put out by the Shadowcash team about the report being incorrect and that it couldn't be reproduced after 10 hours of work by your core developers. That may have misled people into making trades on the basis of a false statement (yours). That's what I call financial damage.
Maybe you guys should have worked on it privately instead of making a statement to (falsely) calm the market when you didn't know what you were talking about.
