OK, the Top cryptocurrencies all have one characteristic in common.
Transparency. (The degree of which, in investor terms can vary widely)
Translated in "tech" terms, the code used in the top crypto projects is almost always Open Source.
In theory, Crypto Open Source Solutions allow anyone to view the code and test the validity of the code's security AND mathematical proofs are well documented proving the cryptography claims designed to secure your transaction payloads. Also important is the transparency in the form of well documented explanation as to how "Consensus" the approval of those transactions work.
In contrast, take for example, the 'ballyhoo' around SWIRLDs a few years ago, the Hashgraph (SWIRLDS copyright protected term) tech using a modified form of the GOSSIP protocol to build distributed ledger transaction protection Fintech which would "take the fintech world by storm". Well a few years later after first deploying the SWIRLDs https://www.swirlds.com/ solution with a network of credit unions as a permissioned, private distributed public ledger protecting fiat payment transactions, the same savvy tech founders have emerged to recently release Hedera Hashgraph, the offshoot of that original SWIRLDs project. I use Hedera only as an example as to how you, the potential investor, can approach an "Under the Hood" examination of any crypto_currency's tech, without worrying about how much tech knowledge or expertise you have or don't have.
Here are few questions you should ask when checking out their crypto tech "Under the Hood":
Q1? Is <Hedera> an open source project and 100% Transparent?
Q2? Is the <cryptocurrency_name> documentation there for all to see to rapidly comprehend how their crypto tech works?
Q3? Does the documentation provided explain in simple layman terms, how their crypto tech offer creates and also validates the strength and resistance of that encryption against known attacks and,
Q4? can We really trust the consensus protocol of that cryptocurrency & its "blockchain" to protect my transactions as advertised, based on their mathematical proofs?
All reasonable questions to establish a reasonable preliminary investor "Transparency Score" for the tech they use, especially in the case of the SWIRL spin off of Hedera Hashgraph for a network of Credit Union and Banks or anybody for that matter looking to leverage cryptocurrencies and distributed public ledgers within their business or organizational model.
Again using SWIRLDs as an example, how does SWIRLDs score, for these first four "Transparency Test" questions, using all or nothing 1- yes, 0- no type scoring:
Q1- 0/No - While you can download the SDK, there is no open source community scrutiny, AND SWIRLDs reserves the right to charge you fees, hmmm
Q2- 0/No - No real good source of documentation other than SDK comments in the code, watching videos and a read of Their Whitepaper, maybe I missed something?
Q3- 1/Yes- This is a 'gimme" on my part, SWIRLDs does go out of their way in the videos productions to show how SWIRLDs Gossip works, a known tech re-applied
Q4- 1/Yes- a gimme again. Again SWIRLDs is re-applying known mathematically proven gossip tech to protect transaction added the hashgraph, a directed acyclic graph or uni-directional Merkle tree if you like, used by other such as #IOTA, #Byteball and #NANO and some open source code and documentation does exist for and implmentation of gossip
Total Score = 2 of 4 (Yes) , ok batting .500, not bad but, not great, especially if you are an investor looking for Open Source Transparency to lower the risk of your investment.
Clearly SWIRLDs as deployed, is a private permissioned distributed ledger tech which competes directly with the forked blockchain variants of #Ethereum and #Hyperledger, where operating your own crypto-currency in the former and latter case is of no concern (Ethereum ERC20 fans promote the 'middle' option with their on cryptocurrency and consensus method to approve transactions in most cases, looking to add value (speed, more security, private vs. public for auditing, etc..) .)
So if that is what you are looking for, private permissioned distributed ledger protection of fiat transactions, then SWIRLDs is an option, however you need to sign an agreement with SWIRLDs anyway to use their fin-tech SDK and, you will need to pay fees for using it your own fin-tech creation.
All good, however as an investor is that enough info "under the hood" to actually jump on the Hedera Hashgraph HBAR https://coinmarketcap.com/currencies/hedera-hashgraph/ bandwagon?
To Hashgraph or DAG? That is the Question: Comparing similar crypto tech "Under the hood" prior to making an Investment:
OK first, let's be clear, Hedera Hashgraph, is a different "technical beast" from SWIRLDs, even though the founders are claiming victory based on earlier SWIRLDS deployments with leave private permissioned distributed ledger clients hoping some of that "success' (Which is really hard to quantify given the NDAs in place) will rub off on #HBAR, so that requires you, the savvy investor to scrutinize Hedera Hashgraph under the "Open Source" lens with more vigourously than you would for SWIRLDs since you do have other investment options like IOTA, #Byteball and #NANO using DAG tech as well. This link here https://walletinvestor.com/magazine/comparison-of-direct-acyclic-graph-dag-based-cryptocurrencies/ from 2018 does a good quick overview justice of the three, so have a look, as this is only 24 months old, occuring right after the December 2017 market spike.
Does this older article really get "under the hood" technically? IMO nope.
To really understand the tech "Under the Hood" without being "too technical", and investor is best served to scan the repositories holding the open source used in these projects to better understand how Transparent the projects really are relative to their investment consideration, in this case HBAR, versus a baseline of well-known cryptocurrencies and distributed ledger implementations using DAG and communications protocols used in the Consensus process similar to HBAR's use of Gossip protocol.
The big question an investor should always as: , Who scores better on the Transparency (can I really trust this team) Score, and where should I place my investment purely based on the degree of Transparency the project and team offers to the investor?
For me, this is one of the biggest questions, together with the array of question as follows:
What tech did they actually use to:
Q5? a- build their distributed ledger? (Lnguages, stack components, Test plans and test case frameworks, provisinoing systems to update, etc...)
Q6? b- implement their consensus protocol ? (Same as above) and
Q7? c- encrypt their currencies and wallets?
Why did they choose a, b, c being :
Q8? - Because it's what they know?
Q9?- Because a, b,c choices are better than currency legacy tech at
Or Because its the latest for a, b, c for the following reasons:
Q10? - future quantum computer hack proof ? etc...
Ok I could go on and on here, that is not the point.
Any line of questioning can "go Pear shaped" the longer you "beat the horse", maybe you are the type (sometimes I fall into this category) that "beats that horse 'til it's dead", or "your eyes glaze over" and you move on, having talked yourself out of a potentially good short, medium or long term investment".
The point is, any potential crypto investor should come up with a list of "crypto tech" questions, supported with a structured approach to your "tech research" which uses good tools to help you reach the right conclusions when comparing different investment tech.
#Github, #Gitlabs, #Bitbucket, #NPM, are such opensource software repositories which can be utilized to help any investor dive into the "tech weeds" and can provide the raw information you need on things like:
a. Programming Language Use
b. Size of Developer Community supporting and driving the development forward
c. Licensing Type per Component to help with Corporate or Organization License Use Compliance Guidelines
d. Technical Overviews( often missing in action) but check the README file as a minimum, usually worth linking to the advertised website for the Stack
e. Key Developers driving the project (maybe they include a linkedin to their online profile, and actually tell you who they work for..)
f. Issues Open, Solved, how long it took to close the issues, etc..
g. How many have "forked" the code to use in their own projects, as opposed to "fork" the code and request a join of their fix/feature add/feature change version back into the original main branch of the code, and how long did that take, and who worked on that code, when di they work on it, etc...
And the big one for many in the crypto world of investments:
h. Vulnerabilities, what do they look like, who found them, is working on them, what priority does the work have what is the potential damage and on what platform...
All of the above is called "Software Composition Analysis" of just SCA , where not al SCA tools are crested equal in terms of ease of use especially, ranked and compared by the research groups out there like Gartner Group , where its worth mentioning, on the side, Gartner are currently telling those in the crypto markets 2020 will be the increased use of mobile devices to facilitate rapid growth in cryptocurrency payments. (Yet another "crypto-tech" item to look at to evaluate risk, -ie ask all the questions above, this time applied to mobile UI/UX, front end and back end open source component stacks used to deliver such mobile cryptocurrency transaction capable services)
SCA or more?: DEEP Software Forensics for Free?
SCA is a painstaking task taken on by corporate legal counsels (Licensing Compliance), Chief Security Officers "CSOs" (Vulnerabilities), CEOs, COOs, and their product, project of service managers (Who is using the stack, traction in community, cost offset make versus integrate?, etc..,) to ensure the corporation or organization makes the best decision as it applies to mitigating risk to keep their operations running smoothly, so called "Business Continuity" insurance. The problem with SCA? SCA is time consuming, and does require a big "Dot connector" mentality and approach plus a lot of patience, sorting out and comparing all the great raw data points between the investments under consideration found in these repositories by these SCA tools, often presented as "mind numbing" rows of text. (think eating crackers without water)
The above SCA exercise is something I did regularly until last May 2019, when sometime in May, on the advice and direction of colleague in Finland, I stumbled upon a group of developers looking to make the above SCA less of a chore, by converging all these repositories, including related social tech forum information and opinion, to make the job easier for developers, QA engineers and Devops experts to build great software on time, with few bugs and great performance, by effectively getting and keeping everyone on the same page, every day.
There is something to be said about having a well coordinated development team, which is no different than having the same for investments, and this little effort, born in Finland with some nearshore development, data science and devops as well as UI/UX smarts located in Belarus and the Ukraine looked to be up to the cohre to morph SCA into something more useful to a wider audience, including investors in crypto.
When looking " under the hood" of some of these crypto investment opportunities, I found the team's SCA "morph to something more useful" effort, now called STACKSCAN, really made it easy and fast for me to understand the world of crypto in technical terms "Under the Hood", which helped me reduce the risk of my crypto investment decision process. :)
Thankfully, the STACKSCAN developer group (it's a 100% Open Source effort, to be posted here on github soon after the free "Invite only" period), for whom I now provide some personal consulting and advisory services to, is releasing a free version this month for anyone to use, with no registration required, which will help anyone making investments in crypto get "Under the Hood" and see for themselves where the tech risk is the crypto investment projects they are considering, where Investors can get an answer to the REALLY BIG BURNING question:
"Can the crypto project team really pull it off (their delivery target and feature set @ scale) given their tech choices, especially in light of other investment options one has employing similar tech?"
That answer, in my own experience, can be more easily and quickly using the STACKSCAN Free Services (I have online access to earlier versions) to better qualify each tech stacks in questions, from an investor perspective.
Its a big question for me, and hopefully is for you as well, before I "place my money where my educated brain is" and I welcome these new tools which actually make SCA really easy to utilize, as part of my investment investigations into different crypto offers I might be considering.
My advice is, check out STACKSCAN's Whitepaper first (I helped write it).
Second, when the new STACKSCAN Free DEEP Software Forensic Service does come out later in March 2020, please give it a try.
If you are at all interested in trying out STACKSCAN early, you can send me a note in the comments section of this Publish0x post and, I will arrange easy access to the Free Service during its first few weeks of "invite only" operation, later this month.
The only caveat? If I give you early "Invite Access only", please do give me a bit of feedback, ie- whether you like the service or not or, would like some changes or, extra features to the free service, to help you with your crypto investments. I make no promises but, I will see what I can do to make that happen, working with the core team at STACKSCAN to do so.
n.b- Your ask may not happen over night or in the form you were thinking, however we will consider any and all feedback.
Also we will shift that feature and info, Q&A conversation to Discord Server fairly soon later this month, so you will be able to join with an invite link I will publish here and on linkedin.
Full disclosure, STACKSCAN will always offer the free service, however the STACKSCAN core team (it's very small) does need to earn a living, so you may see related ads pop-up from time to time as the STACKSCAN core team works smartly toward delivering PAY4, private cloud wholesale versions of the STACKSCAN services running on Google Cloud, Amazon or MS Azure, each of which is to be delivered to interested development, QA and Devops teams by budding Cloud Service SI partners, a bit later in the year.
Be sure, if you have the time, to also "cobble up" your own questions and add to the comments below so this post serves as a resource to all the readers on Publish0x. ;)
That's all for now, let me know what you think about this post and STACKSCAN in the comments section below and,
good investing, ;)
TK over and out