We have recently announced that we have made the Smartz source code fully available. Today we would like to tell you more about the rationale behind this decision.
Openness is one of the main advantages of blockchains. However, the open-source software movement originated much earlier than the first blockchain project, back in the 1970s. This movement defends the four essential freedoms for software users: run, study, modify your software, and distribute software copies, modified or not. The movement’s philosophy is that the use of computers should not prevent people from cooperating. These principles formed the basis of decentralised projects that could not be implemented without open source code. There are simply no trusted sites, which means that the only way to prove the good faith of the code that often performs mission critical functions is to make this code publicly available and submit it for general audit.
Almost all projects in the crypto industry are open source, and all the critical security-related libraries have not only been made public, but also tested by experts hundreds of times, then copied into many different projects and proven to be reliable. Closed code can only be used for a limited (centralised) part of the project; for example, for the backend of a centralised website. In other cases, the fact that it is closed often indicates that the code is incomplete or there are other problems with its development.
At this stage, Smartz needs a backend if we don’t want to seriously complicate the life of our users. But we are systematically moving the backend functions to smart contracts and only leaving a small part that makes working with Smartz more convenient. Gradually, parts of the backend will be transferred to the blockchain, JS frontend or decentralized storage like IPFS. That is why we don’t believe it makes sense to hide the code that is based on a reliable open-source engine, whose security model is well known to any penetration tester. All Smartz platform repositories are available at GitHub.
In our Technical Whitepaper, we mentioned that we were going to make the Smartz platform fully decentralised. This means that the tasks of managing the platform will be delegated to a large number of people. Anybody who wants to can make sure that the code works exactly as intended and easily reproduce any part of the code. In the end, Smartz will become a large and complex DApp, which will manage the lifecycle and infrastructure of less complex and more personalised DApps.
From the very beginning, we have been trying to make the maximum number of logically separated Smartz services decentralised. For example, this applies to authorisation through the blockchain. As of today, you do not need to register to start using the platform. To log in to smartz.io, you just need to send a signed transaction through the MetaMask (for Ethereum) or Scatter (for EOS) browser extension. So smartz.io already does not store user passwords, even encrypted ones.
The new decentralised paradigm allows each user to download the platform’s client and run it to become part of the platform and enjoy all its features. The system’s stability and security will be raised to a new level. As for advanced users, they will be able to compile the client from the source code to verify its authenticity. We didn’t open the code just for security reasons, but also to build the community’s trust in our project. In addition, we want active community members to be able to suggest changes to the source code, make those changes themselves, detect bugs, and improve the system.
We believe that in this way we will help the entire industry and individual developers to successfully create new and more complex blockchain-based applications.