by AJ007 3655 days ago
Nearly a year ago I made the comment --

"Who are these people[1] and what credentials do they have to build and run a cryptocurrency platform?" [1] https://angel.co/ethereum-1

Today, not a single cryptographer, mathematician, or anyone with software security experience is listed on the Ethereum Foundation member list[2]. I am not attacking any individuals by themselves, but as a group this says a lot.

For the record, what I see listed online today is a: consultant, magazine founder, a programmer, and a lawyer. On the advisory board a sales person, a psychologist, a leveraged debt consultant. On the "special advisors" list, which I have no idea what this means, maybe someone who answered a phone call a few times, one person with a bunch of business credentials, something "fintech" related with little explanation, and a tech CEO.

Maybe the Ethereum Foundation doesn't need anyone with deep experience in cryptography and security?

[2] https://www.ethereum.org/foundation

8 comments

They've claimed the involvement of Ralph Merkle and Neal Koblitz.

https://twitter.com/IOHK_Charles/status/463794004492951552

https://twitter.com/ethereumproject/status/43337626144945766...

Of course, I haven't seen anything other than those two tweets to indicate their involvement....

You are looking at a page listing boards and advisors; of course those wouldn't be the technical people. Look at the core teams behind the different tools (too many to list here quickly), as well as the devs working in companies in the ecosystem such as ConsenSys and Ethcore; they are all quite qualified and smart people. Two examples that come to mind are Vlad Zamfir and Dr. Christian Reitwiessner.
I'm not really familiar with either of them so maybe there's a ton of security experience that they have that I'm not aware of... but I sure wasn't able to find any when I looked up the history of either of those two people. If you wanted to make the case that they had programming experience, sure, totally. But software security experts? How do you figure either of them being one of those?
Why would boards and advisors of course not be technical?
Your comment from a year ago was pretty much entirely wrong: The ethereum platform has so far been stable and without exploits to this date. The exploits of theDAO and the exploits described in the article are smart program exploits, not exploits in the underlying platform.

Could the Solidity programming language have some more features to protect inexperienced smart contract programmers from themselves? Certainly, nobody is disputing that.

This is unfair to banish a company for not having enough "security experience". It could happen to anyone (I mean making such a design mistake), plus they afaik had some external audits.

"Aha, no security background!" is wrong.

How is it unfair? We're speaking about crypto-currency here. "crypto" is so damn hard that even experts make mistakes in design or implementation, and very often in both. And when they don't, it still doesn't mean it's secure... And now it's ok to have no expert and to use the result to manage _currency_?!? It might sound weird, but yeah, I'd like to have knowledgeable people to deal with my money.
People complained about the same criticism of MtGox back in the day.
Actually, "Aha, no security background!" is the exact right attitude to have.
It is absolutely fair to banish a company for security credentials if it's dangling $150 million out in the open air.
> What are you talking about?

Please don't be uncivil. It's damaging to collegial conversation, and it's against the rules (https://news.ycombinator.com/newsguidelines.html). Please edit such stuff out of your comments here.

edited.
Appreciated!
> if it's dangling $150 million out in the open air.

The Ethereum Foundation didn't do this; the slock.it team is a separate group responsible for this bug.

The Ethereum Foundation had nothing to do with the creation of the DAO.
That's like saying The Pirate Bay has nothing to do with piracy.
It's like saying the WEB and HTTP protocol have nothing to do with a SQL injection on some website.
Generally speaking the longer someone has been in a specific field, the lower the probability of them thinking of a new method or agreeing with new things. This is a general pattern across the board with anything ews, startups, projects, etc.

As somebody working with a lot of startups, having somebody with 30 years of a specific core competency on the founding team is a huge red flag.

Experience is a red flag? That's ageist, and absurd.
That's ridiculous.
You're making the mistake of believing that the CVs of token board or foundation members have anything at all to do with quality, reliability or integrity.

Such beliefs lead to the Appeal to Authority fallacy, and others.

You see a common pattern in crypto projects. The core of the project is passionate autodidacts and the experts are in the periphery.

Tor and Ethereum have ample access to experts via academic research, security auditors and academic consultants.

Tor worked hard to build up this pattern by encouraging a robust outsider community to form around Tor. Ethereum has done the same from the get go.

Just for a point of reference:

https://www.torproject.org/about/board.html.en

Granted, a few people with the right background, but also a bunch with backgrounds like those you listed.

You may want to read that list again. Over half of Tor's board of directors have deep experience in software security. And even their attorney has given talks at hacker conferences and is very, very well respected. Tor's board shows precisely the opposite: a deep list of well qualified people to run an organization that works on an important piece of security software.
I did read it, which is why I said "a few people with the right background". I counted less than half, but my point was that it's okay for people without technical background to sit on the board of well known crypto projects.