shawshankinmate37927



Offline



Activity: 854

Merit: 1000





Bitcoin: The People's Bailout







Hero MemberActivity: 854Merit: 1000Bitcoin: The People's Bailout Re: Open Investigation into Just-Dice/Dooglus September 22, 2013, 01:47:19 AM #21 Quote from: Daggett993 on September 21, 2013, 10:16:58 PM I would like the redact my claims. It seems I let my bias get the best of me and I don't like baseless scam accusations from others on the forum, so it seems that I should hold myself to the same standard.



While I still believe certain things are suspicious about the big JD losses, I would like nothing more than an open discussion of it. Thank you all and apologizes for coming off so strong.



I commend you as well for redacting your accusations. I understand it's tough to stomach a 50 BTC loss, but that doesn't justify attacking someone's character. Dooglus took some losses himself a few weeks ago when the whales took JD's bankroll into the red. You just have to realize that an investment in a gambling site with a 1% house edge and ~500 BTC max bet is going to experience a lot of variance. I commend you as well for redacting your accusations. I understand it's tough to stomach a 50 BTC loss, but that doesn't justify attacking someone's character. Dooglus took some losses himself a few weeks ago when the whales took JD's bankroll into the red. You just have to realize that an investment in a gambling site with a 1% house edge and ~500 BTC max bet is going to experience a lot of variance. "It is well enough that people of the nation do not understand our banking and monetary system, for if they did, I believe there would be a revolution before tomorrow morning." - Henry Ford

shawshankinmate37927



Offline



Activity: 854

Merit: 1000





Bitcoin: The People's Bailout







Hero MemberActivity: 854Merit: 1000Bitcoin: The People's Bailout Re: Open Investigation into Just-Dice/Dooglus September 22, 2013, 01:55:01 AM #22 Quote from: ghibly79 on September 21, 2013, 09:21:22 AM Quote from: Daggett993 on September 21, 2013, 08:52:29 AM I'll acknowledge that the domain argument is not very powerful, however it is clear that my concern is not unwarranted. It is very improbable for a casino to receive 1.2M bitcoins wagered and still tread far below their expected profit.



Not improbable when one guy does single bets that high (100-500 btc a go). As I wrote in the other thread, many players had doubled/tripled or even more small bankrolls, eventually losing. Not so surprising for a guy with a 10k+ bankroll to win 8k (80%).



It's like winning 8 btc starting with 10, doing 0.1-0.5 btc single bets. Not unlikely at all, seen it hundreds of times.

Not improbable when one guy does single bets that high (100-500 btc a go). As I wrote in the other thread, many players had doubled/tripled or even more small bankrolls, eventually losing. Not so surprising for a guy with a 10k+ bankroll to win 8k (80%).It's like winning 8 btc starting with 10, doing 0.1-0.5 btc single bets. Not unlikely at all, seen it hundreds of times.

Yes, not improbable at all. In fact, I once personally turned a $500 bankroll into $4000 in one weekend betting on red and black at a roulette wheel in Atlantic City; and roulette has a much higher house edge and a much lower max bet (and higher minimum bet). Yes, not improbable at all. In fact, I once personally turned a $500 bankroll into $4000 in one weekend betting on red and black at a roulette wheel in Atlantic City; and roulette has a much higher house edge and a much lower max bet (and higher minimum bet). "It is well enough that people of the nation do not understand our banking and monetary system, for if they did, I believe there would be a revolution before tomorrow morning." - Henry Ford

cowbay



Offline



Activity: 77

Merit: 10







MemberActivity: 77Merit: 10 Re: Open Investigation into Just-Dice/Dooglus September 22, 2013, 05:36:00 AM #23 Quote from: Daggett993 on September 21, 2013, 10:16:58 PM I would like the redact my claims. It seems I let my bias get the best of me and I don't like baseless scam accusations from others on the forum, so it seems that I should hold myself to the same standard.



While I still believe certain things are suspicious about the big JD losses, I would like nothing more than an open discussion of it. Thank you all and apologizes for coming off so strong.



Rare case of cognitive dissonance losing out to rational thought. I commend you Daggett993. Rare case of cognitive dissonance losing out to rational thought. I commend you Daggett993.

cowbay



Offline



Activity: 77

Merit: 10







MemberActivity: 77Merit: 10 Re: Open Investigation into Just-Dice/Dooglus September 23, 2013, 01:05:53 AM #31 Quote from: Anduck on September 22, 2013, 05:25:45 PM Well.. You guys must realize that it would be very easy and untraceable thing as dooglus to steal from investors. He knows the seed and can act as players and steal thousands, hundreds or tens of bitcoins - and nobody will ever know!



Yes, that would be the ultimate way to steal. To mitigate the risk, however, would involve allowing inquiry into a suspected user's betting history, which presents separate issues. One can also spread out winnings across multiple accounts so as to fall below investigation threshold.



Perhaps there is a way to make the server seed "provably secure" without introducing other risk factors such as collusion, however for now it is solely relying on trust in doog. It is a required condition to invest in JD. Yes, that would be the ultimate way to steal. To mitigate the risk, however, would involve allowing inquiry into a suspected user's betting history, which presents separate issues. One can also spread out winnings across multiple accounts so as to fall below investigation threshold.Perhaps there is a way to make the server seed "provably secure" without introducing other risk factors such as collusion, however for now it is solely relying on trust in doog. It is a required condition to invest in JD.

Dabs



Offline



Activity: 2730

Merit: 1446





The Concierge of Crypto







LegendaryActivity: 2730Merit: 1446The Concierge of Crypto Re: Open Discussion of Just-Dice September 23, 2013, 04:58:13 AM #32 There is a potential solution. But it would require unwanted delays and the game would no longer be instant, and we would be relying on third party servers. Too much negative, a lot easier to just put some faith in humanity.



I could, for example, use multi-sig escrow. But people who would want that can do it themselves, and that still presents the problem of all must be in agreement, or else the funds will be stuck. It's a lot easier, again, to put some faith in some humans (like me? like dooglus? like John K? like the bitcoin devs? like the owners and operators of online wallets?) and have them do what they claim they will do.



It's rather unfortunate that some have to default, disappear, suffer, get hacked, die, hit by a bus or train, or have other problems.



As one motivational speaker put it, "I take the money, you paid me. I don't need your money. But I take it anyway. I provide you your money's worth. I give you a seminar for 1 day or 3 days. If you feel you've been cheated and did not learn anything from my lecture, feel free to ask your money back from me personally, and I will give it to you." Escrow Service (Services) - Feed Some Children by Dabs (Donate!) - GPG ID: 32AD7565 , OTC ID: Dabs

XLR Solaris

DAM Datamine Network. FLUX. Time is money 2.0 XLR Solaris https://bitcointalk.org/index.php?topic=1831629.0 DAM Datamine Network. FLUX. Time is money 2.0 https://datamine-crypto.github.io/realtime-decentralized-dashboard/

darkmule



Offline



Activity: 1176

Merit: 1005









LegendaryActivity: 1176Merit: 1005 Re: Open Discussion of Just-Dice September 23, 2013, 08:22:30 PM #34 11K is certainly at least interesting. For that kind of money, even a Vegas casino would be reviewing all their security cameras and bringing in the pros. It's not absurdly out of variance, and it would be absurd, actually, if there weren't streaks like this. IIRC, Satoshi Dice operated in the red for months at a time.



But $1,460,000+ is some serious scratch regardless.

alp



Offline



Activity: 285

Merit: 101







Full MemberActivity: 285Merit: 101 Re: Open Discussion of Just-Dice September 24, 2013, 07:24:37 PM #35 I looked at the way the rolls are generated and it seems that someone who knows the server seed can easily cheat the system and even in a way that looks legitimate. I haven't looked too long at it, so forgive me if there are mistakes.



From my understanding, there are three things used to generate a roll:

1) Server seed

2) Client seed

3) Roll #.



The server has its seed determined ahead of time. It publishes the hash so you know it isn't changing it out from under you. The client seed is something you can choose. The roll number is the sequence of rolls.



If I have all of this information, I can roll 10 times ahead of time with a client seed, see if I have an advantage, then bet as needed. I can also choose to bet on winning payout values since there is a winning value at almost any level. To keep it simple, you might just want to pick one high-odds payout, and run 100 rolls, then see which client seed pays out the best, then run that seed.



Hopefully I am just overlooking something, but if the server seed has been compromised in any way, its incredibly easy to pick a client seed and bet amount that pays out +EV over time. This could be an insider, someone who has somehow gotten access that shouldn't have, etc...



Maybe someone can explain why I'm wrong, though. I am looking for a good signature. Here could be your advertisement

pascal257



Offline



Activity: 483

Merit: 262







Sr. MemberActivity: 483Merit: 262 Re: Open Discussion of Just-Dice September 24, 2013, 08:30:34 PM #36 Quote from: alp on September 24, 2013, 07:24:37 PM I looked at the way the rolls are generated and it seems that someone who knows the server seed can easily cheat the system and even in a way that looks legitimate. I haven't looked too long at it, so forgive me if there are mistakes.



From my understanding, there are three things used to generate a roll:

1) Server seed

2) Client seed

3) Roll #.



The server has its seed determined ahead of time. It publishes the hash so you know it isn't changing it out from under you. The client seed is something you can choose. The roll number is the sequence of rolls.



If I have all of this information, I can roll 10 times ahead of time with a client seed, see if I have an advantage, then bet as needed. I can also choose to bet on winning payout values since there is a winning value at almost any level. To keep it simple, you might just want to pick one high-odds payout, and run 100 rolls, then see which client seed pays out the best, then run that seed.



Hopefully I am just overlooking something, but if the server seed has been compromised in any way, its incredibly easy to pick a client seed and bet amount that pays out +EV over time. This could be an insider, someone who has somehow gotten access that shouldn't have, etc...



Maybe someone can explain why I'm wrong, though.

As far as I understand you're absolutely right. But that requires, as you already said, that the attacker indeed has access to the server seed.

The question is if its easier for an attacker to just try to access the site wallet directly and steal that way, or to figure out how to get the server seed and then have to hassle with predicting his own rolls etc.



Edit: Or maybe he figured out how to generate the server seed from the client seed? As far as I understand you're absolutely right. But that requires, as you already said, that the attacker indeed has access to the server seed.The question is if its easier for an attacker to just try to access the site wallet directly and steal that way, or to figure out how to get the server seed and then have to hassle with predicting his own rolls etc.Edit: Or maybe he figured out how to generate the server seed from the client seed?

alp



Offline



Activity: 285

Merit: 101







Full MemberActivity: 285Merit: 101 Re: Open Discussion of Just-Dice September 24, 2013, 08:37:08 PM #37 Quote from: pascal257 on September 24, 2013, 08:30:34 PM Quote from: alp on September 24, 2013, 07:24:37 PM I looked at the way the rolls are generated and it seems that someone who knows the server seed can easily cheat the system and even in a way that looks legitimate. I haven't looked too long at it, so forgive me if there are mistakes.



From my understanding, there are three things used to generate a roll:

1) Server seed

2) Client seed

3) Roll #.



The server has its seed determined ahead of time. It publishes the hash so you know it isn't changing it out from under you. The client seed is something you can choose. The roll number is the sequence of rolls.



If I have all of this information, I can roll 10 times ahead of time with a client seed, see if I have an advantage, then bet as needed. I can also choose to bet on winning payout values since there is a winning value at almost any level. To keep it simple, you might just want to pick one high-odds payout, and run 100 rolls, then see which client seed pays out the best, then run that seed.



Hopefully I am just overlooking something, but if the server seed has been compromised in any way, its incredibly easy to pick a client seed and bet amount that pays out +EV over time. This could be an insider, someone who has somehow gotten access that shouldn't have, etc...



Maybe someone can explain why I'm wrong, though.

As far as I understand you're absolutely right. But that requires, as you already said, that the attacker indeed has access to the server seed.

The question is if its easier for an attacker to just try to access the site wallet directly and steal that way, or to figure out how to get the server seed and then have to hassle with predicting his own rolls etc.



Edit: Or maybe he figured out how to generate the server seed from the client seed?

As far as I understand you're absolutely right. But that requires, as you already said, that the attacker indeed has access to the server seed.The question is if its easier for an attacker to just try to access the site wallet directly and steal that way, or to figure out how to get the server seed and then have to hassle with predicting his own rolls etc.Edit: Or maybe he figured out how to generate the server seed from the client seed?

There could be many reasons. Perhaps the wallet isn't as easily as accessible. Perhaps he could figure out the seeds on his own. Perhaps it was an inside job and it's easier to have plausible deniability when just some guy gets lucky. Or someone could have just been lucky!



That being said, if it's this simple to cheat, why anyone would "invest" in this site seems a bit crazy to me. It's also equally easy to just walk away with the investments, although perhaps the threat of prosecution or retaliation is great enough that it's easier to just do it subtly. That being said, if someone wanted to do it subtly, why create a single account that exploits this? But people have done dumber things in the past. For example, POTRIPPER: There could be many reasons. Perhaps the wallet isn't as easily as accessible. Perhaps he could figure out the seeds on his own. Perhaps it was an inside job and it's easier to have plausible deniability when just some guy gets lucky. Or someone could have just been lucky!That being said, if it's this simple to cheat, why anyone would "invest" in this site seems a bit crazy to me. It's also equally easy to just walk away with the investments, although perhaps the threat of prosecution or retaliation is great enough that it's easier to just do it subtly. That being said, if someone wanted to do it subtly, why create a single account that exploits this? But people have done dumber things in the past. For example, POTRIPPER: http://www.youtube.com/watch?v=FczbS7FiWSM I am looking for a good signature. Here could be your advertisement