(emphasis mine)
I'm not really worried about programming language/environment similarities, on account of the audit server being written in a very popular programming language with zero package dependencies on a pretty standard OS image. The machine is extensively firewalled off (mainly just DoS concerns). The audit server itself is insanely simple, it just has 3 endpoints which log requests/responses to disk. And then I scan the logs with a script I wrote that checks for any form of cheating (e.g. seed reuse, nonces not used in order, seedHash not matching etc.) and calculates what the profit is expected to be. The tool to audit the server log is actually a *lot* bigger and more complex than the server itself. (Fun fact: Out of extreme paranoia, I've never shared with anyone the code that audits the audit server's log. Just in case I've made a coding error which would mean not identifying a type of cheating or miscalculating expected profits -- it's best if no one can know)
I think the bigger concern is perhaps that Daniel and I did decide to host it in the same physical datacenter on account of minimizing latency. That's potentially a weakness, although likely not a huge one. I assume you'd need to be something like a state actor to pull that off (being able to physically walk into the datacenter with guns and badges would probably make the attack a lot more feasible).
But if anyone advanced enough to pull off the perfect crime of pillaging a 2-independent server setup like bustadice, doing it for 35 btc like that doesn't make sense. Might as well have made it look less weird, and done it for 1000 btc+.
But yeah, in general I agree with you. I'd be like "oh shit, this is looking weird" if the exact same bets happened on bustabit (where there's no audit server). But with bustadice, I'm a bit like *yawn*. (Although I'm in a bit of a unique position of not needing to blind-trust anyone). But I think it's a good reminder to investors about how risky bankroll investing is.
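The three checks the post lists (seed reuse, nonces out of order, seedHash not matching the revealed seed), shown as an added illustration rather than the author's own audit script; the one-JSON-object-per-line log format, the `round` field and the SHA-256 commitment are assumptions, and the log lines are constructed:

```python
import hashlib
import json

def commitment(seed):
    # Assumed commitment scheme: the server publishes sha256(seed) before a
    # round and reveals seed afterwards (the real hash function is not stated).
    return hashlib.sha256(seed.encode()).hexdigest()

def make_line(rnd, seed, nonce, seed_hash=None):
    # Build one constructed audit-log line in the assumed format.
    return json.dumps({"round": rnd, "seedHash": seed_hash or commitment(seed),
                       "seed": seed, "nonce": nonce})

# Constructed sample log (not real bustadice data): round 1 is clean, round 2
# skips a nonce, round 3 reuses round 1's seed, round 4 reveals a seed that does
# not match its published commitment.
SAMPLE_LOG = [
    make_line(1, "seed-r1", 1), make_line(1, "seed-r1", 2), make_line(1, "seed-r1", 3),
    make_line(2, "seed-r2", 1), make_line(2, "seed-r2", 3),
    make_line(3, "seed-r1", 1),
    make_line(4, "seed-r4", 1, seed_hash="0" * 64),
]

def audit_log(lines):
    """Return a list of (line_no, finding) for every cheating indicator seen."""
    findings = []
    seed_rounds = {}   # seed -> round in which it was first revealed
    last_nonce = {}    # round -> last nonce seen in that round
    for n, line in enumerate(lines, 1):
        rec = json.loads(line)
        rnd, seed, nonce, seed_hash = rec["round"], rec["seed"], rec["nonce"], rec["seedHash"]
        # 1. The revealed seed must hash to the commitment published up front.
        if commitment(seed) != seed_hash:
            findings.append((n, "seedHash does not match revealed seed"))
        # 2. A seed must never serve more than one round.
        if seed_rounds.setdefault(seed, rnd) != rnd:
            findings.append((n, f"seed reused from round {seed_rounds[seed]}"))
        # 3. Nonces within a round must be consumed strictly in order (1, 2, 3, ...).
        expected = last_nonce.get(rnd, 0) + 1
        if nonce != expected:
            findings.append((n, f"nonce {nonce} out of order, expected {expected}"))
        last_nonce[rnd] = nonce
    return findings

if __name__ == "__main__":
    for line_no, msg in audit_log(SAMPLE_LOG):
        print(f"line {line_no}: {msg}")
```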