Author

Topic: Just-Dice is not provably fair to gamblers (Read 4170 times)

member
Activity: 118
Merit: 10
June 19, 2014, 08:42:23 PM
#51
As dooglus's attorney and advisor I ask you remove your head from your ass,

Yeah, it probably doesn't need saying, but Kyle doesn't represent me in any capacity.

Please feel free to leave your head wherever it is.

Excellent response. Keep up the great work shredding whales with mathematics.
full member
Activity: 215
Merit: 100
Quote
By default its not provably fair, perhaps should put this on your site:

This game is provably fair*

*At Just-Dice, those steps are:
1) make a note of the server seed hash
2) set your own (unpredicable) client seed
3) play as much as you like, making a note of your rolls
4) verify the rolled numbers


No, by default the game is provably fair.  Provable is an adjective, it means that something is capable of being proven.  Just-dice can be proven to be fair.  As Doog explained, the user just has to take certain steps to do that.  And, as far as I know, of those who did take those steps, just-dice has been proven fair 100% of the time.  

Every user has the ability to prove that the game that they just played is fair.  It sounds like you just want the site to make it easier for users to prove that the game is fair.  Doog's position appears to be that the benefits of that, if any, are outweighed by the negative impact those changes would have on user experience.  If anyone disagrees, I'm sure there are other dice sites that make it easier to prove fairness, and if not, create one!  Maybe you're right, Doog is wrong, and users do prefer the steps to prove fairness to be easier, even if it requires changes that may be a detriment to the user experience.  Maybe there's some room for innovation there, and it can be done with little to no cost to the user experience.  

The point is, the game is fair, and with some effort that can be proven by anyone playing it if they follow Doog's instructions.  Just-dice is provably fair to gamblers.

The potential for anyone in Doog's position to do something dishonest (walk away with investor money, cheat his own site, switch the game with a different game that is unfair) has nothing to do with the fairness of the game.  That potential exists whenever someone must place their trust in someone else.  You can never prove that there is a 100% chance of honesty.  But you can make a rational, informed judgment, and all things considered this seems to be a pretty safe one considering the various incentives, at least in this context (I know little about and can't comment on whether the site is safe from hackers, for example, though it is a pretty big target and as far as I know other than a manual payout mistake early on, not much of any has been lost).

I agree with you that the site can be provably fair, and that has to be balanced with the user experience. 

My main point of the post is it is not provably fair by default.
If you visit the site for the first time, the client and server seeds are provided by the server, yes you can verify they rolled as expected, but it is also possible those client and server seeds were pre-prepared.

I am over the issue now, I am not going to do a crusade, I'll let the gamblers make their decisions.

Okay, how about first time someone visits JD it pops up for a name and then for a starting client seed? Would this stop making you, to use a JD term, butthurt?
mem
hero member
Activity: 644
Merit: 501
Herp Derp PTY LTD
Sounds like the same issue I hit satoshicircle for very hard.

The difference being after an extended gmail chat and then a good skype chat the site admin finally came around to seeing my point, and more importantly seeing that more trust == more clients.
legendary
Activity: 2940
Merit: 1333
That is a fair use case, If the user has requested it on one screen they shouldn't be bothered by a fancybox pop up on the others that say the seeds has been changed.
then you have no way to change the seeds during betting without the user knowing.

The seeds are stored on the server, and are invisible to the user.  I can change them at any point, whatever the javascript on the client side says, and just not tell the client about the changes.

The only way to detect such a change is to verify the rolls that were made.  This is the case for every provably fair site, of course.  If you don't take some small steps to verify the fairness, the site is able to cheat you.
newbie
Activity: 12
Merit: 0
That is a fair use case, If the user has requested it on one screen they shouldn't be bothered by a fancybox pop up on the others that say the seeds has been changed.
then you have no way to change the seeds during betting without the user knowing.
legendary
Activity: 2940
Merit: 1333
The code I refer to doesn't have anything to do with the randomize screen, I am saying you can replace the server and cliend seeds as well as the number of rolls on the fair tab any time you want with this code:
Code:
  socket.on("shash", function(data) {
    $("#shash").html(data)
  });
  socket.on("seed", function(data) {
    $("#seed").html(data)
  });
...
  socket.on("nonce", function(data) {
    $("#nonce").html(data)
  });

Oh, I see.

That's necessary because the user can change his seeds at any time.  When the user changes his seeds, I want the 'Fair?' tab to reflect that change on all his devices / browsers / tabs.  You see he may click 'randomize' on his phone, while having the site also open on his laptop.  I want to be able to update the 'Fair?' tab on the laptop even though he doesn't have the randomize dialog open there.
newbie
Activity: 12
Merit: 0
Don't forget the second point I made earlier that he can actually change the seeds anytime he wants during your betting, so he can figure out your pattern and then choose the corresponding client/seed hash, yes it would be more risky for him to do this incase someone actually wrote down their hashes, but really who does?

If he wanted he could remove his ability to change your seeds on the fly with a simple if statement, I have raised this with him and now the community, no one cares, then let it be.

I didn't address that because I don't think people are very interested, but you don't seem to know what you're talking about.

The field that holds the seeds is created on the fly when you click 'randomize'.  I can't change the value in a field that doesn't exist.  If the "randomize" dialog isn't visible, the seed field doesn't exist.

The code I refer to doesn't have anything to do with the randomize screen, I am saying you can replace the server and cliend seeds as well as the number of rolls on the fair tab any time you want with this code:
Code:
  socket.on("shash", function(data) {
    $("#shash").html(data)
  });
  socket.on("seed", function(data) {
    $("#seed").html(data)
  });
...
  socket.on("nonce", function(data) {
    $("#nonce").html(data)
  });
hero member
Activity: 728
Merit: 500
Quote
By default its not provably fair, perhaps should put this on your site:

This game is provably fair*

*At Just-Dice, those steps are:
1) make a note of the server seed hash
2) set your own (unpredicable) client seed
3) play as much as you like, making a note of your rolls
4) verify the rolled numbers


No, by default the game is provably fair.  Provable is an adjective, it means that something is capable of being proven.  Just-dice can be proven to be fair.  As Doog explained, the user just has to take certain steps to do that.  And, as far as I know, of those who did take those steps, just-dice has been proven fair 100% of the time. 

Every user has the ability to prove that the game that they just played is fair.  It sounds like you just want the site to make it easier for users to prove that the game is fair.  Doog's position appears to be that the benefits of that, if any, are outweighed by the negative impact those changes would have on user experience.  If anyone disagrees, I'm sure there are other dice sites that make it easier to prove fairness, and if not, create one!  Maybe you're right, Doog is wrong, and users do prefer the steps to prove fairness to be easier, even if it requires changes that may be a detriment to the user experience.  Maybe there's some room for innovation there, and it can be done with little to no cost to the user experience. 

The point is, the game is fair, and with some effort that can be proven by anyone playing it if they follow Doog's instructions.  Just-dice is provably fair to gamblers.

The potential for anyone in Doog's position to do something dishonest (walk away with investor money, cheat his own site, switch the game with a different game that is unfair) has nothing to do with the fairness of the game.  That potential exists whenever someone must place their trust in someone else.  You can never prove that there is a 100% chance of honesty.  But you can make a rational, informed judgment, and all things considered this seems to be a pretty safe one considering the various incentives, at least in this context (I know little about and can't comment on whether the site is safe from hackers, for example, though it is a pretty big target and as far as I know other than a manual payout mistake early on, not much of any has been lost).

I agree with you that the site can be provably fair, and that has to be balanced with the user experience. 

My main point of the post is it is not provably fair by default.

As was said before, the adjective in use here is "provably" not "proven". If something is provable, then it is possible for it to be proven, but it's not proven by default. Fairness on JustDice is provable, that is, it is possible to be proven, it is not proven by default.

There is nothing wrong with the way it is worded. If it would've said "Proven fair", it would've been a different matter.
legendary
Activity: 2940
Merit: 1333
Don't forget the second point I made earlier that he can actually change the seeds anytime he wants during your betting, so he can figure out your pattern and then choose the corresponding client/seed hash, yes it would be more risky for him to do this incase someone actually wrote down their hashes, but really who does?

If he wanted he could remove his ability to change your seeds on the fly with a simple if statement, I have raised this with him and now the community, no one cares, then let it be.

I didn't address that because I don't think people are very interested, but you don't seem to know what you're talking about.

The field that holds the seeds is created on the fly when you click 'randomize'.  I can't change the value in a field that doesn't exist.  If the "randomize" dialog isn't visible, the seed field doesn't exist.
legendary
Activity: 2940
Merit: 1333
yeah I never wrote it down, some people dont know how to do this hash or seed thing

Like you say, there's no way you can be sure a site isn't cheating you if you're not prepared to do a little work to verify things to your own satisfaction.

I designed JD to make it as easy as possible to verify your rolls.  I saw some sites which change the server seed every roll (bitzino, primedice), which makes it really quite tedious to verify things as a matter of course.  I saw other sites which change the server seed every 24 hours (coinroll, satoshidice) which means you have to wait up to 24 hours to verify your rolls.  So I made it that the player gets to decide when to change their seed, and only the player.  So if you want to make 100 rolls and then verify them, you can, simply by noting the hash before you start, making sure it's the same after you play, and using the verifier script.

If a player doesn't care enough to verify his rolls, then I can cheat him.  I don't know in advance which ones are going to check and which aren't.  I can't afford to get caught cheating even once, so I just don't cheat anyone.  Presumably the ones who don't verify their rolls either trust the site not to be cheating, or see gambling as just a bit of fun and expect to lose anyway so it doesn't really matter.  But I'm just guessing.
sr. member
Activity: 364
Merit: 250
yeah I never wrote it down, some people dont know how to do this hash or seed thing.  Its up to the people to trust him and the ones that care about winning should learn how to verify bets.  Maybe any dice site op can tell if someone looks at there seed so he wont dare change it.  So the best thing to do is to make sure its provably fair is to write it down and change seed on everybet.  Its not his job to force you to write it down.  Hes the Op not your baby sitter. No offence to doog, Im only saying this for all dice sites.  This goes for all sites that have provably fair verification.
newbie
Activity: 12
Merit: 0

I agree with you that the site can be provably fair, and that has to be balanced with the user experience. 

My main point of the post is it is not provably fair by default.
If you visit the site for the first time, the client and server seeds are provided by the server, yes you can verify they rolled as expected, but it is also possible those client and server seeds were pre-prepared.

I am over the issue now, I am not going to do a crusade, I'll let the gamblers make their decisions.

So what? Unless dooglus has psychic powers, he can't tell how you're going to bet.  Are you betting high? Low? 49.5%? 20%? 10%? Martingale? Progressive strategy? Bet 0.1 but 1.0 every tenth bet?  He doesn't know.  Therefore he can't create a seed that will give you unlucky numbers for your particular betting strategy.

Don't forget the second point I made earlier that he can actually change the seeds anytime he wants during your betting, so he can figure out your pattern and then choose the corresponding client/seed hash, yes it would be more risky for him to do this incase someone actually wrote down their hashes, but really who does?

If he wanted he could remove his ability to change your seeds on the fly with a simple if statement, I have raised this with him and now the community, no one cares, then let it be.
legendary
Activity: 2940
Merit: 1333
Even if he could, cheating that way would not be very wise cause as soon as someone would find out the unfair pattern he could abuse it for his own profit.

Very good point. It If I always put a streak of 10 high rolls and another streak of 10 low rolls in the first 100, you could spot them quite easily and take advantage.

The best sequence of rolls from the site's point of view is a random sequence, because then the player can't work out the pattern and use it to his advantage.
sr. member
Activity: 313
Merit: 250
i ♥ coinichiwa
Therefore he can't create a seed that will give you unlucky numbers for your particular betting strategy.

Even if he could, cheating that way would not be very wise cause as soon as someone would find out the unfair pattern he could abuse it for his own profit.
legendary
Activity: 2940
Merit: 1333
So what? Unless dooglus has psychic powers, he can't tell how you're going to bet.  Are you betting high? Low? 49.5%? 20%? 10%? Martingale? Progressive strategy? Bet 0.1 but 1.0 every tenth bet?  He doesn't know.  Therefore he can't create a seed that will give you unlucky numbers for your particular betting strategy.

He did address this earlier.  Lots of players play martingale, so as long as I make sure there's a long streak of very high rolls and a long streak of very low numbers early on, most players will bust early (so long as they stick to all hi, or all lo).

I you think I'm searching for seed pairs with those properties, make sure you click 'randomize', make a note of the server seed hash, and set your own client seed before you play.

If I was doing something despicable like that, I expect the site's profit would be a little higher than the current 0.28% of turnover however.
kgo
hero member
Activity: 548
Merit: 500

I agree with you that the site can be provably fair, and that has to be balanced with the user experience. 

My main point of the post is it is not provably fair by default.
If you visit the site for the first time, the client and server seeds are provided by the server, yes you can verify they rolled as expected, but it is also possible those client and server seeds were pre-prepared.

I am over the issue now, I am not going to do a crusade, I'll let the gamblers make their decisions.

So what? Unless dooglus has psychic powers, he can't tell how you're going to bet.  Are you betting high? Low? 49.5%? 20%? 10%? Martingale? Progressive strategy? Bet 0.1 but 1.0 every tenth bet?  He doesn't know.  Therefore he can't create a seed that will give you unlucky numbers for your particular betting strategy.
b!z
legendary
Activity: 1582
Merit: 1010
in the matter a fact i wrote about your site on my site... Smiley
http://bitcoinadvice.bugs3.com/btc-and-doge-betting/
and i didnt ask nothing for advertising  Tongue
p.s.
I count on your good heart
hehehehe

Thanks for the review.  I hadn't seen that before.

This made me smile:

> meaning that support is almost excellent and easy to acquire on Just-Dice

"almost excellent" Wink

I can't find anything substantial to complain about... so I'll just mention that the "which can be seen at the Bitcoin address 14o7zMMUJkG6De24r3JkJ6USgChq7iWF86." line is badly formatted on my screen.  The address is too long, making the right-justified text on the previous line far too spaced out.  Maybe use a link to the blockchain.info page for the address and say "which can be seen [here]".

Actually, it's copied directly from Bitcoin Reviewer, and he didn't write any of it.  Roll Eyes

I did update the review though. http://bitcoinreviewer.com/just-dice-review/
legendary
Activity: 2940
Merit: 1333
in the matter a fact i wrote about your site on my site... Smiley
http://bitcoinadvice.bugs3.com/btc-and-doge-betting/
and i didnt ask nothing for advertising  Tongue
p.s.
I count on your good heart
hehehehe

Thanks for the review.  I hadn't seen that before.

This made me smile:

> meaning that support is almost excellent and easy to acquire on Just-Dice

"almost excellent" Wink

I can't find anything substantial to complain about... so I'll just mention that the "which can be seen at the Bitcoin address 14o7zMMUJkG6De24r3JkJ6USgChq7iWF86." line is badly formatted on my screen.  The address is too long, making the right-justified text on the previous line far too spaced out.  Maybe use a link to the blockchain.info page for the address and say "which can be seen [here]".
legendary
Activity: 2940
Merit: 1333
Well you never can win a house...  1 from 10000 will "win" something.... i try play for few satoshi and i can say nothing... but 5 miss strike on 91%... well probability for that is 1:95848388234728472882426378462387432.... and i have 3 5xstrikes in 2 hours... Smiley

I think there's a problem with your calculation there.

You lose a 91% bet with more than 1 in 10 chance.
So you lose 5 in a row with more than 1 in 100,000 chance.

"in 2 hours" doesn't tell us much when we don't know how fast you're playing.

If you tell me your account number I can give some real statistics and we can see how unlucky you really were.

dooglus do not be mad... Tongue probability that i wrote is to hight, and your "1 in 100,000 chance" its way to low from the right number....

I wasn't mad.  I saw you make a mathematical error and pointed it out.

If you like, I can be more accurate with my numbers:

The probability of losing a 91% bet is 0.09.
The probability of losing N of them in a row is 0.09^N
So the probability of losing 5 in a row is 0.09^N = 0.0000059049
That's 1 in 169,350.878

Huh.  Well what do you know, I was wrong!  lol

Not sure what I was thinking when I wrote "You lose a 91% bet with more than 1 in 10 chance" - you lose a 91% bet 9% of the time, or about 1 in 11.1111.  1 in 11 is less than 1 in 10.  Huh.

But still, I was a little closer than you.  169,350 is closer to 100,000 than 95848388234728472882426378462387432 is.
newbie
Activity: 12
Merit: 0
Quote
By default its not provably fair, perhaps should put this on your site:

This game is provably fair*

*At Just-Dice, those steps are:
1) make a note of the server seed hash
2) set your own (unpredicable) client seed
3) play as much as you like, making a note of your rolls
4) verify the rolled numbers


No, by default the game is provably fair.  Provable is an adjective, it means that something is capable of being proven.  Just-dice can be proven to be fair.  As Doog explained, the user just has to take certain steps to do that.  And, as far as I know, of those who did take those steps, just-dice has been proven fair 100% of the time.  

Every user has the ability to prove that the game that they just played is fair.  It sounds like you just want the site to make it easier for users to prove that the game is fair.  Doog's position appears to be that the benefits of that, if any, are outweighed by the negative impact those changes would have on user experience.  If anyone disagrees, I'm sure there are other dice sites that make it easier to prove fairness, and if not, create one!  Maybe you're right, Doog is wrong, and users do prefer the steps to prove fairness to be easier, even if it requires changes that may be a detriment to the user experience.  Maybe there's some room for innovation there, and it can be done with little to no cost to the user experience.  

The point is, the game is fair, and with some effort that can be proven by anyone playing it if they follow Doog's instructions.  Just-dice is provably fair to gamblers.

The potential for anyone in Doog's position to do something dishonest (walk away with investor money, cheat his own site, switch the game with a different game that is unfair) has nothing to do with the fairness of the game.  That potential exists whenever someone must place their trust in someone else.  You can never prove that there is a 100% chance of honesty.  But you can make a rational, informed judgment, and all things considered this seems to be a pretty safe one considering the various incentives, at least in this context (I know little about and can't comment on whether the site is safe from hackers, for example, though it is a pretty big target and as far as I know other than a manual payout mistake early on, not much of any has been lost).

I agree with you that the site can be provably fair, and that has to be balanced with the user experience. 

My main point of the post is it is not provably fair by default.
If you visit the site for the first time, the client and server seeds are provided by the server, yes you can verify they rolled as expected, but it is also possible those client and server seeds were pre-prepared.

I am over the issue now, I am not going to do a crusade, I'll let the gamblers make their decisions.
full member
Activity: 182
Merit: 101
February 27, 2014, 09:27:15 AM
#31
Well you never can win a house...  1 from 10000 will "win" something.... i try play for few satoshi and i can say nothing... but 5 miss strike on 91%... well probability for that is 1:95848388234728472882426378462387432.... and i have 3 5xstrikes in 2 hours... Smiley

I think there's a problem with your calculation there.

You lose a 91% bet with more than 1 in 10 chance.
So you lose 5 in a row with more than 1 in 100,000 chance.

"in 2 hours" doesn't tell us much when we don't know how fast you're playing.

If you tell me your account number I can give some real statistics and we can see how unlucky you really were.

dooglus do not be mad... Tongue probability that i wrote is to hight, and your "1 in 100,000 chance" its way to low from the right number....

how you see my "Smiley" after my sentence.. it means that I do not blame your site because of my lost... i just blame the fact that I'm addicted to gambling... hehehe...

In one word: i love just-dice...  ...hmmm this is not one word... Smiley

in the matter a fact i wrote about your site on my site... Smiley
http://bitcoinadvice.bugs3.com/btc-and-doge-betting/
and i didnt ask nothing for advertising  Tongue
p.s.
I count on your good heart
hehehehe
full member
Activity: 182
Merit: 101
February 27, 2014, 09:19:16 AM
#30
Well you never can win a house...  1 from 10000 will "win" something.... i try play for few satoshi and i can say nothing... but 5 miss strike on 91%... well probability for that is 1:95848388234728472882426378462387432.... and i have 3 5xstrikes in 2 hours... Smiley

I think there's a problem with your calculation there.

You lose a 91% bet with more than 1 in 10 chance.
So you lose 5 in a row with more than 1 in 100,000 chance.

"in 2 hours" doesn't tell us much when we don't know how fast you're playing.

If you tell me your account number I can give some real statistics and we can see how unlucky you really were.

dooglus do not be mad... Tongue probability that i wrote is to hight, and your "1 in 100,000 chance" its way to low from the right number....

how you see my "Smiley" after my sentence.. it means that I do not blame your site because of my lost... i just blame the fact that I'm addicted to gambling... hehehe...

In one word: i love just-dice...  ...hmmm this is not one word... Smiley
full member
Activity: 209
Merit: 100
February 27, 2014, 12:32:29 AM
#29
Quote
By default its not provably fair, perhaps should put this on your site:

This game is provably fair*

*At Just-Dice, those steps are:
1) make a note of the server seed hash
2) set your own (unpredicable) client seed
3) play as much as you like, making a note of your rolls
4) verify the rolled numbers


No, by default the game is provably fair.  Provable is an adjective, it means that something is capable of being proven.  Just-dice can be proven to be fair.  As Doog explained, the user just has to take certain steps to do that.  And, as far as I know, of those who did take those steps, just-dice has been proven fair 100% of the time.  

Every user has the ability to prove that the game that they just played is fair.  It sounds like you just want the site to make it easier for users to prove that the game is fair.  Doog's position appears to be that the benefits of that, if any, are outweighed by the negative impact those changes would have on user experience.  If anyone disagrees, I'm sure there are other dice sites that make it easier to prove fairness, and if not, create one!  Maybe you're right, Doog is wrong, and users do prefer the steps to prove fairness to be easier, even if it requires changes that may be a detriment to the user experience.  Maybe there's some room for innovation there, and it can be done with little to no cost to the user experience.  

The point is, the game is fair, and with some effort that can be proven by anyone playing it if they follow Doog's instructions.  Just-dice is provably fair to gamblers.

The potential for anyone in Doog's position to do something dishonest (walk away with investor money, cheat his own site, switch the game with a different game that is unfair) has nothing to do with the fairness of the game.  That potential exists whenever someone must place their trust in someone else.  You can never prove that there is a 100% chance of honesty.  But you can make a rational, informed judgment, and all things considered this seems to be a pretty safe one considering the various incentives, at least in this context (I know little about and can't comment on whether the site is safe from hackers, for example, though it is a pretty big target and as far as I know other than a manual payout mistake early on, not much of any has been lost).
sr. member
Activity: 364
Merit: 250
February 24, 2014, 06:20:03 PM
#28
DOOG come on my threads and support me now!!!!!!!    Grin
legendary
Activity: 2940
Merit: 1333
February 24, 2014, 06:17:24 PM
#27
Well you never can win a house...  1 from 10000 will "win" something.... i try play for few satoshi and i can say nothing... but 5 miss strike on 91%... well probability for that is 1:95848388234728472882426378462387432.... and i have 3 5xstrikes in 2 hours... Smiley

I think there's a problem with your calculation there.

You lose a 91% bet with more than 1 in 10 chance.
So you lose 5 in a row with more than 1 in 100,000 chance.

"in 2 hours" doesn't tell us much when we don't know how fast you're playing.

If you tell me your account number I can give some real statistics and we can see how unlucky you really were.
full member
Activity: 182
Merit: 101
February 24, 2014, 04:26:55 PM
#26
Well you never can win a house...  1 from 10000 will "win" something.... i try play for few satoshi and i can say nothing... but 5 miss strike on 91%... well probability for that is 1:95848388234728472882426378462387432.... and i have 3 5xstrikes in 2 hours... Smiley
sr. member
Activity: 364
Merit: 250
February 24, 2014, 02:45:36 PM
#25
Oh thats not nice Doogie!!!!!



But Yeah This site is legitimate the algorithm is changed every day.
legendary
Activity: 2940
Merit: 1333
February 24, 2014, 02:34:18 PM
#24
As dooglus's attorney and advisor I ask you remove your head from your ass,

Yeah, it probably doesn't need saying, but Kyle doesn't represent me in any capacity.

Please feel free to leave your head wherever it is.
legendary
Activity: 1358
Merit: 1003
Designer - Developer
February 24, 2014, 01:00:30 AM
#23
Dooglus also change the algorithm without warning in September and arbitrarily, causing losses to many users, the only way to solve this is in court but he has hidden in his anonymity to avoid starting a legal process. But the day will come.

The old algorithm and the new algorithm both cause many losses.  When users play the 10% game they lose around 90% of the time!

If you think that the change to the algorithm somehow "made" people lose, I don't know what to tell you.

Plenty of warning was given, including on the 'Fair?' tab which describes the algorithm:



Yes now, but not before. Not in October, November or December. The algorithm was changed without prior announcement, only a mention in a thread at the end of September.
The above algorithm was much less profitable than the current algorithm for you, Just compare the profits. I agree to play with the above algorithm, not the current and initially only asked that, something reasonable following your logic. I promised that would take this to court and I will. I have not forgotten.

As dooglus's attorney and advisor I ask you remove your head from your ass, Quick crying over things that aren't broken.. and fuck your hat.

Any further harassment towards my client and I will fuck you with the long dick of the law.

Have a good day,

KLYE
legendary
Activity: 2940
Merit: 1333
February 24, 2014, 12:57:04 AM
#22
Plenty of warning was given, including on the 'Fair?' tab which describes the algorithm:

Yes now, but not before. Not in October, November or December. The algorithm was changed without prior announcement, only a mention in a thread at the end of September.

You need to get your facts straight.  The 'Fair?' tab was updated *before* the algorithm changed.  Otherwise that's not "plenty of warning", is it...  It was updated in September.  October, November and December all happened after September, and so the new algorithm was described on the 'Fair?' tab in those months too.

The above algorithm was much less profitable than the current algorithm for you, Just compare the profits.

Both algorithms have caused the profit chart to very closely follow expectation, except for a couple of occasions when nakowa played.

I agree to play with the above algorithm, not the current and initially only asked that, something reasonable following your logic. I promised that would take this to court and I will. I have not forgotten.

The old algorithm is no longer available.  Both algorithms effectively give you random rolls.
sr. member
Activity: 364
Merit: 250
February 23, 2014, 09:58:40 PM
#21

It basically boils down to this:

Any provably fair site can cheat its users if the users don't take the steps required to verify the fairness.

At Just-Dice, those steps are:

1) make a note of the server seed hash
2) set your own (unpredicable) client seed
3) play as much as you like, making a note of your rolls
4) verify the rolled numbers


doesn't step 2 require at least 100 rolls?
if i understand you right doesnt that mean that you can cheat the first 100 rolls of every user?

btw i am not concerned. i did choose just-dice because i do trust dooglus. i would never gamble anywhere where i do not trust the operator - even if they claim to be provable fair and has lots of trust of others and i did check the code.

You trust to easily then, just cause others do.  You will jump off the bridge just cause they do.

Trust and judgement belongs to me and no one else.
hero member
Activity: 952
Merit: 1005
frantorres_995 at socialmedia
February 23, 2014, 09:12:01 PM
#20
Dooglus also change the algorithm without warning in September and arbitrarily, causing losses to many users, the only way to solve this is in court but he has hidden in his anonymity to avoid starting a legal process. But the day will come.

The old algorithm and the new algorithm both cause many losses.  When users play the 10% game they lose around 90% of the time!

If you think that the change to the algorithm somehow "made" people lose, I don't know what to tell you.

Plenty of warning was given, including on the 'Fair?' tab which describes the algorithm:



Yes now, but not before. Not in October, November or December. The algorithm was changed without prior announcement, only a mention in a thread at the end of September.
The above algorithm was much less profitable than the current algorithm for you, Just compare the profits. I agree to play with the above algorithm, not the current and initially only asked that, something reasonable following your logic. I promised that would take this to court and I will. I have not forgotten.
newbie
Activity: 12
Merit: 0
February 23, 2014, 04:45:43 PM
#19
Your thread subject, "Just-Dice is not provably fair to gamblers" isn't accurate.  More accurate would be "Just-Dice is provably fair to any gambler who cares about provable fairness and can be bothered to take the steps to verify the proof".
By default its not provably fair, perhaps should put this on your site:
how could it be changed to be provably fair to gamblers?

Generate client seed client-sidedly.
Its not much to ask, but he is refusing to do it for some reason.

The second change I asked for is condition checking in the code that lets the server change the seeds (he can do any time during your betting), something simple like "if user has randomize window open then allow seed changes otherwise refuse" would work.
legendary
Activity: 2940
Merit: 1333
February 23, 2014, 01:33:49 PM
#18
2) set your own (unpredicable) client seed

doesn't step 2 require at least 100 rolls?
if i understand you right doesnt that mean that you can cheat the first 100 rolls of every user?

No.  You can 'randomize' (and so set your client seed) any time you have made 0 rolls with your current seed pair, or more than 9.  What you can't do is randomize after every few (1 to 9) bets.  But you can randomize as many times as you like if you've not bet at all.

My first design of the site forced new players to type a client seed before they could start playing, but it was pretty much universally disliked by the testers.  It turns out most people don't want to be bothered to think about the details and would rather get to the game itself as soon as possible, so I removed that feature before launching the site to the public.
legendary
Activity: 1428
Merit: 1000
February 23, 2014, 01:20:46 PM
#17

It basically boils down to this:

Any provably fair site can cheat its users if the users don't take the steps required to verify the fairness.

At Just-Dice, those steps are:

1) make a note of the server seed hash
2) set your own (unpredicable) client seed
3) play as much as you like, making a note of your rolls
4) verify the rolled numbers


doesn't step 2 require at least 100 rolls?
if i understand you right doesnt that mean that you can cheat the first 100 rolls of every user?

btw i am not concerned. i did choose just-dice because i do trust dooglus. i would never gamble anywhere where i do not trust the operator - even if they claim to be provable fair and has lots of trust of others and i did check the code.
legendary
Activity: 2940
Merit: 1333
February 23, 2014, 01:18:22 PM
#16
Dooglus also change the algorithm without warning in September and arbitrarily, causing losses to many users, the only way to solve this is in court but he has hidden in his anonymity to avoid starting a legal process. But the day will come.

The old algorithm and the new algorithm both cause many losses.  When users play the 10% game they lose around 90% of the time!

If you think that the change to the algorithm somehow "made" people lose, I don't know what to tell you.

Plenty of warning was given, including on the 'Fair?' tab which describes the algorithm:

legendary
Activity: 2940
Merit: 1333
February 23, 2014, 01:13:23 PM
#15
I have raised this with Dooglus over a week ago, we discussed solutions but he has decided the site will not change.

I've had an ongoing discussion with this guy in a support ticket where he basically tried to extort me.  He gave me three options: fix the "bug", pay him for his silence, or he'll post a thread about it.  Since I don't consider this a bug, and I don't ever pay extortionists, I told him to go ahead and publish his findings.  So he did.

I guess now I get to enjoy rebutting his points all over again, only in public this time.  Smiley

The only protection is if the user writes down both keys and verify their bets every 100 rolls, after that your bets a no longer visible

Nothing magical happens every 100 rolls.  Your client and server seed stay the same until you change them.  If you're referring to the 'all bets' log, then that's silly.  If you don't trust me, then why trust me that the 100 listed rolls are real?  You need to write down each roll as it happens surely.

I am not accusing the site of rigging rolls, I am just saying that it is possible.

It basically boils down to this:

Any provably fair site can cheat its users if the users don't take the steps required to verify the fairness.

At Just-Dice, those steps are:

1) make a note of the server seed hash
2) set your own (unpredicable) client seed
3) play as much as you like, making a note of your rolls
4) verify the rolled numbers

Players who care about fairness will follow those steps, and players who don't, won't.  If you follow those steps then there's no way I can cheat you.

Your thread subject, "Just-Dice is not provably fair to gamblers" isn't accurate.  More accurate would be "Just-Dice is provably fair to any gambler who cares about provable fairness and can be bothered to take the steps to verify the proof".
newbie
Activity: 4
Merit: 0
February 23, 2014, 01:05:12 PM
#14
I'm not tech savy so i didn't understand much of what you said, but i lost some btcs there, so i'd like to know what's up.
Wow, you should not gamble if you don't expect to lose money.
When did i say that i didnt expect to lose money lol?
I just said i lost some btc there, im not crying, i know perfectly the risks, but from what i understood in this thread the game MIGHT be rigged, and i would like to know what is going on since im not really tech savy.
sr. member
Activity: 364
Merit: 250
February 23, 2014, 12:53:00 PM
#13
Ahhzamundos, do you know him personally?  

Just asking cause we dont truly know anyone.


Anyway I commend the person on top, was a point I was trying to make a while ago.  now im sure your get ops to challenge you to protect there rep so they wont lose business.  

I was trying to warn others about this, that I found a developer who can manipulate dice.  Thats why I truly stopped betting cause I saw a funny pattern.   Especially with martingale.    People are not gonna listen to this, they gonna see his side but if those was exposed earlier im sure the site would have been doomed.  People trust these OPS with there life.  
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
February 23, 2014, 12:51:14 PM
#12
I'm not tech savy so i didn't understand much of what you said, but i lost some btcs there, so i'd like to know what's up.
Wow, you should not gamble if you don't expect to lose money.
full member
Activity: 238
Merit: 109
February 23, 2014, 12:48:59 PM
#11
I'm not tech savy so i didn't understand much of what you said, but i lost some btcs there, so i'd like to know what's up.

What's up? In theory he could have influenced the numbers that come up to be in a less-than-random (But still not chosen) order, as, he provides two of the three parts of a hash, and, the third part is simply an incrementing number, something that you could easily test with.

He still couldn't force you to bed more than/less than, or, what percentage, so, the best he could do is profile your betting procedure to guess how you bet, then attempt to test a bunch of hashes until they are ordered in the way that profiles you.

tl;dr no, he probably didn't steal from you, but, it is an issue to be concerned with, assuming I'm understanding this correctly (I believe I'm understanding the issue correctly, but, maybe not the repercussions)
member
Activity: 98
Merit: 10
February 23, 2014, 12:47:38 PM
#10
how could it be changed to be provably fair to gamblers?  Do other sites also exhibit similar weakness?

It depends on how the site generate their server seed.

If and only if the method they are using is unique per user with instant checking (like Just-Dice.com and EveryDice.com), then you only need to change the client seed once. After that, there is *no way* the site is able to manipulate the roll. Remember that you pick your client seed after the site show their server seed hash Smiley
hero member
Activity: 644
Merit: 500
Invest & Earn: https://cloudthink.io
February 23, 2014, 12:44:57 PM
#9
From my understanding of the issue... JD IS provably fair, you just have know way of knowing doog did not cheat.

If doog wanted to fuck people over he could just look at the seeds and bet on his own site and win.  Or hell, he could just run away with the 40,000+ that people trust with him.

If doog wanted to cheat you, he would just run with the money.

Also, doog is not anonymous...
newbie
Activity: 4
Merit: 0
February 23, 2014, 12:41:42 PM
#8
I'm not tech savy so i didn't understand much of what you said, but i lost some btcs there, so i'd like to know what's up.
full member
Activity: 238
Merit: 109
February 23, 2014, 12:12:09 PM
#7
how could it be changed to be provably fair to gamblers?

Generate client seed client-sidedly.
sr. member
Activity: 323
Merit: 254
February 23, 2014, 12:06:15 PM
#6
how could it be changed to be provably fair to gamblers?  Do other sites also exhibit similar weakness?
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
February 23, 2014, 08:52:20 AM
#5
It is provably fair if the gambler takes the correct steps to make sure it is. If you are reckless, then it does not matter anyways. As to changing the way the rolls are calculated, he did this to make it more secure for the site. This is no way would cause losses to people.
hero member
Activity: 952
Merit: 513
February 23, 2014, 07:07:25 AM
#4
haha dooglus should do provably fair for investment.
hero member
Activity: 952
Merit: 1005
frantorres_995 at socialmedia
February 23, 2014, 06:58:30 AM
#3
Dooglus also change the algorithm without warning in September and arbitrarily, causing losses to many users, the only way to solve this is in court but he has hidden in his anonymity to avoid starting a legal process. But the day will come.
sr. member
Activity: 266
Merit: 250
February 23, 2014, 05:26:20 AM
#2
Reserved.
newbie
Activity: 12
Merit: 0
February 23, 2014, 04:01:31 AM
#1
I have raised this with Dooglus over a week ago, we discussed solutions but he has decided the site will not change.

The problem
The client side key is generated by the server initially and has no security so it can be changed at any time

Background
There are three parts to generating a fair bet:
  • Server Key - given to the user as a hash
  • Client Key - known by the user (and should be generated by the user)
  • Bet number
The time and size of a bet have nothing to do with the result.

How can this be abused
The nature of Just-Dice rolls are that you bet high or low in a 0-100, if the client and server key are generated by the server they can pre-prepare client-server keys that will result in rolls in their favor.
for example they can generate millions of sets of hashs until the results:
1) are generally 10-90 so that people will not get the rare 10x payout rolls (less than 10 or greater than 90)
2) have long streaks above or below 50 to send martingalers bust
So use your imagination, they can dictate the roll results

The technical details
The code is available here:
https://just-dice.com/javascripts/dice.js
A beautified copy:
http://pastebin.com/CatuARX2

The Server and Client keys can be changed at any time by the server, here is the corresponding code:
Code:
  socket.on("shash", function(data) {
    $("#shash").html(data)
  });
  socket.on("seed", function(data) {
    $("#seed").html(data)
  });
The only protection is if the user writes down both keys and verify their bets every 100 rolls, after that your bets a no longer visible

When you load the site, the client key is provided by the server, this is not a problem for returning users, but first time visitors should have their own java-script engine generating a client key, here is the code:
Code:
  socket.on("init", function(data) {
    ... other code ...
    $("#shash").html(data.shash);
    $("#nonce").html(data.nonce);
    $("#seed").html(data.seed);
It is possible to use the randomize function when you first enter the site, but I do not believe many users do this.

Caveat
I am not accusing the site of rigging rolls, I am just saying that it is possible.
Jump to: