The difference between the win amount and the bet amount is reserved out of the available balance until a payment is confirmed or the game times out, without regard to whether or not the game is a winner.
Good to know!
Topic: MyriadCoins.com - Make the bet you want - page 3. (Read 7922 times)
Good to know!
I changed the games to not expire for 8 hours, I was only thinking about delayed payments like from Seals or similar. Forgot that people could get locked longer that way. Change to whatever you like while testing notme.
You seem to only allow me 5 or so "games" in progress at a time. Is that because you've committed the coins to me at the time I click "place bet" and don't want to over-commit? Do you commit coins even if it's a losing bet for me? Can I use this to tell in advance whether it's a losing bet, and then decide whether to play?
The difference between the win amount and the bet amount is reserved out of the available balance until a payment is confirmed or the game times out, without regard to whether or not the game is a winner.
I've seen the 'tampered' message without clicking anywhere near the hash. So that was a red herring.
I changed the games to not expire for 8 hours, I was only thinking about delayed payments like from Seals or similar. Forgot that people could get locked longer that way. Change to whatever you like while testing notme.
You seem to only allow me 5 or so "games" in progress at a time. Is that because you've committed the coins to me at the time I click "place bet" and don't want to over-commit? Do you commit coins even if it's a losing bet for me? Can I use this to tell in advance whether it's a losing bet, and then decide whether to play?
I changed the games to not expire for 8 hours, I was only thinking about delayed payments like from Seals or similar. Forgot that people could get locked longer that way. Change to whatever you like while testing notme.
If you're okay with revealing your email, send it to [email protected]
Sent. An email, that is.
OK, it took me a while to figure out how to stop my browser saying it accepted gzipped pages from your server, but now I can capture the packets in uncompressed form.
The problem now is I have too many outstanding games, and so can't reproduce the error, I think.
Can you cancel them for me? All the ones to my deposit address will be mine...
The problem now is I have too many outstanding games, and so can't reproduce the error, I think.
Can you cancel them for me? All the ones to my deposit address will be mine...
Can't cancel them, but I deleted the ip records, so you should be good to go. The available balance (and thus the bet/win limits) will be a little lower until the other games time out, but that shouldn't matter for your testing.
OK, it took me a while to figure out how to stop my browser saying it accepted gzipped pages from your server, but now I can capture the packets in uncompressed form.
The problem now is I have too many outstanding games, and so can't reproduce the error, I think.
Can you cancel them for me? All the ones to my deposit address will be mine...
The problem now is I have too many outstanding games, and so can't reproduce the error, I think.
Can you cancel them for me? All the ones to my deposit address will be mine...
I followed you steps exactly other than waiting 5 minutes and couldn't reproduce. I've reloaded the page and I will wait before trying again. If it's not too much trouble the HTTP packets might be helpful. It might be better to email it than to flood this thread. If you're okay with revealing your email, send it to [email protected], otherwise a PM will do.
I think every time I've double-clicked the hash, I've seen the error, and every time I haven't, I haven't. Seems odd though.
I just saw the error again without clicking anywhere near the hash.
I just reproduced the error again, and took screenshots as I did.
I started with a 5-minute old hash:
Then I clicked the game logo to generate a new hash, filled in the details, double-clicked the hash, and hit control-c. All ready to click the 'place ...' button:
Then I clicked the 'place ...' button I saw the error message:
Notice that the hash is still selected in that final image. I only selected it once, and it stayed selected.
I think every time I've double-clicked the hash, I've seen the error, and every time I haven't, I haven't. Seems odd though.
This all happened in the space of a minute or so.
Would it help if I did it again and grabbed the HTTP packets that hit the network for you?
I started with a 5-minute old hash:
Then I clicked the game logo to generate a new hash, filled in the details, double-clicked the hash, and hit control-c. All ready to click the 'place ...' button:
Then I clicked the 'place ...' button I saw the error message:
Notice that the hash is still selected in that final image. I only selected it once, and it stayed selected.
I think every time I've double-clicked the hash, I've seen the error, and every time I haven't, I haven't. Seems odd though.
This all happened in the space of a minute or so.
Would it help if I did it again and grabbed the HTTP packets that hit the network for you?
We could possibly show the hashes for games from the user's IP, but those might not necessarily be their games. We have no way of identifying individual users, other than possibly when they use the same payout address.
I see. I assumed you would be using a session cookie or something to track my activity on the site.
I tried control-f5 but it doesn't seem to do anything at all.
I monitored the squid logs when I hit control-r, f5, etc. Here's what happened - it seems to be the same for each, except for control-f5 which as I say did nothing:
I notice that control-shift-r gives different messages, so maybe that's the equivalent of what you asked for.
Code:
[control-r]
1339553565.370 968 127.0.0.1 TCP_MISS/200 2830 GET http://myriadcoins.com/game.php - DIRECT/96.127.133.59 text/html
1339553566.442 1059 127.0.0.1 TCP_REFRESH_UNMODIFIED/304 291 GET http://myriadcoins.com/resources/stylesheet.css - DIRECT/96.127.133.59 -
1339553566.772 1388 127.0.0.1 TCP_REFRESH_UNMODIFIED/304 293 GET http://myriadcoins.com/resources/jquery.min.js - DIRECT/96.127.133.59 -
1339553566.772 1388 127.0.0.1 TCP_REFRESH_UNMODIFIED/304 292 GET http://myriadcoins.com/resources/modernizr-2.5.3.min.js - DIRECT/96.127.133.59 -
1339553566.944 1561 127.0.0.1 TCP_MISS/200 6448 GET http://myriadcoins.com/js_parser.php? - DIRECT/96.127.133.59 text/javascript
1339553567.163 207 127.0.0.1 TCP_REFRESH_UNMODIFIED/304 269 GET http://myriadcoins.com/resources/myriadcoins-logo.png - DIRECT/96.127.133.59 -
1339553567.343 160 127.0.0.1 TCP_MISS/404 581 GET http://myriadcoins.com/favicon.png - DIRECT/96.127.133.59 text/html
[f5]
1339553586.905 2601 127.0.0.1 TCP_MISS/200 2830 GET http://myriadcoins.com/game.php - DIRECT/96.127.133.59 text/html
1339553587.102 184 127.0.0.1 TCP_REFRESH_UNMODIFIED/304 291 GET http://myriadcoins.com/resources/stylesheet.css - DIRECT/96.127.133.59 -
1339553587.262 344 127.0.0.1 TCP_REFRESH_UNMODIFIED/304 292 GET http://myriadcoins.com/resources/modernizr-2.5.3.min.js - DIRECT/96.127.133.59 -
1339553587.344 426 127.0.0.1 TCP_REFRESH_UNMODIFIED/304 293 GET http://myriadcoins.com/resources/jquery.min.js - DIRECT/96.127.133.59 -
1339553587.464 545 127.0.0.1 TCP_MISS/200 6448 GET http://myriadcoins.com/js_parser.php? - DIRECT/96.127.133.59 text/javascript
1339553587.633 156 127.0.0.1 TCP_REFRESH_UNMODIFIED/304 269 GET http://myriadcoins.com/resources/myriadcoins-logo.png - DIRECT/96.127.133.59 -
1339553587.842 164 127.0.0.1 TCP_MISS/404 581 GET http://myriadcoins.com/favicon.png - DIRECT/96.127.133.59 text/html
[control-f5]
[control-shift-r]
1339553610.015 350 127.0.0.1 TCP_MISS/200 2831 GET http://myriadcoins.com/game.php - DIRECT/96.127.133.59 text/html
1339553610.182 150 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 805 GET http://myriadcoins.com/resources/stylesheet.css - DIRECT/96.127.133.59 text/css
1339553610.763 730 127.0.0.1 TCP_MISS/200 6448 GET http://myriadcoins.com/js_parser.php? - DIRECT/96.127.133.59 text/javascript
1339553610.784 751 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 6506 GET http://myriadcoins.com/resources/modernizr-2.5.3.min.js - DIRECT/96.127.133.59 application/javascript
1339553611.142 1110 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 32482 GET http://myriadcoins.com/resources/jquery.min.js - DIRECT/96.127.133.59 application/javascript
1339553611.516 319 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 14706 GET http://myriadcoins.com/resources/myriadcoins-logo.png - DIRECT/96.127.133.59 image/png
1339553611.763 234 127.0.0.1 TCP_MISS/404 581 GET http://myriadcoins.com/favicon.png - DIRECT/96.127.133.59 text/html
Before the game is recorded in the DB, it the hash is recomputed to make sure everything matches up. If the recomputed hash doesn't match the displayed hash, you get the tampering error. I'm having a hard time imagining how what you've described happened. If you open another tab with a new game, it can mess up the site's guess/salt that is stored in the server-side session, but then refreshing wouldn't have fixed it. Was this a fresh game, or had it sat around for a while? Was it submitted previously and had a different error? Was there anything else you did that might provide a hint?
See my post immediately before yours. I had the error happen 3 times in a row, on 3 different hashes. The first time may have been over an hour old, I'm not sure. But the 2nd and 3rd were newly generated.
I ended up sending BTC to the address it told me, and it worked fine. But that may have been my 4th attempt, which didn't show the error.
Is it possible that my double-clicking the hash at the bottom of the game page then control-c'ing to copy it is causing something bad?
Quote
Here's a list of unpaid hashes with the same payout address as the one hash you posted:
521b684fc9e8f31020c35ed15d25e07fe7f0c2881970769b616acab41fdacb6f
135f4c3a60b4d8c8fe5215e48c517cac5652cb47c9022b8e67b058d79761c191
e94182f8f76f6ae7b8351efe45580eb40b9d59c8b6b7efea442aa784e43d1222
Yes, it is safe to pay for the tampered ones. The games look to be fine on the server side. Still, we need to figure out why this is happening.
521b684fc9e8f31020c35ed15d25e07fe7f0c2881970769b616acab41fdacb6f
135f4c3a60b4d8c8fe5215e48c517cac5652cb47c9022b8e67b058d79761c191
e94182f8f76f6ae7b8351efe45580eb40b9d59c8b6b7efea442aa784e43d1222
Yes, it is safe to pay for the tampered ones. The games look to be fine on the server side. Still, we need to figure out why this is happening.
It might be good to let the user see their list of unpaid games for themselves, and possible let them cancel them. Otherwise they have to wait 2 (?) hours for them to expire if they create too many when playing around. Unless there's a good reason not to, of course.
Quote
Can you try a Ctl-F5? We made some changes to the javascript and you might be caching an old copy.
Will do.
We could possibly show the hashes for games from the user's IP, but those might not necessarily be their games. We have no way of identifying individual users, other than possibly when they use the same payout address.
Before the game is recorded in the DB, it the hash is recomputed to make sure everything matches up. If the recomputed hash doesn't match the displayed hash, you get the tampering error. I'm having a hard time imagining how what you've described happened. If you open another tab with a new game, it can mess up the site's guess/salt that is stored in the server-side session, but then refreshing wouldn't have fixed it. Was this a fresh game, or had it sat around for a while? Was it submitted previously and had a different error? Was there anything else you did that might provide a hint?
See my post immediately before yours. I had the error happen 3 times in a row, on 3 different hashes. The first time may have been over an hour old, I'm not sure. But the 2nd and 3rd were newly generated.
I ended up sending BTC to the address it told me, and it worked fine. But that may have been my 4th attempt, which didn't show the error.
Is it possible that my double-clicking the hash at the bottom of the game page then control-c'ing to copy it is causing something bad?
Quote
Here's a list of unpaid hashes with the same payout address as the one hash you posted:
521b684fc9e8f31020c35ed15d25e07fe7f0c2881970769b616acab41fdacb6f
135f4c3a60b4d8c8fe5215e48c517cac5652cb47c9022b8e67b058d79761c191
e94182f8f76f6ae7b8351efe45580eb40b9d59c8b6b7efea442aa784e43d1222
Yes, it is safe to pay for the tampered ones. The games look to be fine on the server side. Still, we need to figure out why this is happening.
521b684fc9e8f31020c35ed15d25e07fe7f0c2881970769b616acab41fdacb6f
135f4c3a60b4d8c8fe5215e48c517cac5652cb47c9022b8e67b058d79761c191
e94182f8f76f6ae7b8351efe45580eb40b9d59c8b6b7efea442aa784e43d1222
Yes, it is safe to pay for the tampered ones. The games look to be fine on the server side. Still, we need to figure out why this is happening.
It might be good to let the user see their list of unpaid games for themselves, and possible let them cancel them. Otherwise they have to wait 2 (?) hours for them to expire if they create too many when playing around. Unless there's a good reason not to, of course.
Quote
Can you try a Ctl-F5? We made some changes to the javascript and you might be caching an old copy.
[/quote[
Will do.
[/quote[
Will do.
Can you try a Ctl-F5? We made some changes to the javascript and you might be caching an old copy.
No wanting to risk it, I clicked the banner to get a new hash, put my deposit address, changed the bets to 0.10 and 0.20, input my guess, copy/pasted the hash into a text editor and hit 'place your wager'. Again it told me something had been tampered with.
I tried again, and again got the 'tampered with' error message.
I tried a 4th time, not copy/pasting the hash, and that time it worked.
Then when I tried a 5th time, trying to find out if I could narrow down exactly what caused the problem, it told me it was sick of me and that I should go away. Or something.
("Too many outstanding games from your IP address. Please pay for a game or wait for one to time out")
Can I find a list of outstanding games, so I can pay for one? Is it safe to pay for the "tampered with" ones?
I tried again, and again got the 'tampered with' error message.
I tried a 4th time, not copy/pasting the hash, and that time it worked.
Then when I tried a 5th time, trying to find out if I could narrow down exactly what caused the problem, it told me it was sick of me and that I should go away. Or something.
("Too many outstanding games from your IP address. Please pay for a game or wait for one to time out")
Can I find a list of outstanding games, so I can pay for one? Is it safe to pay for the "tampered with" ones?
Here's a list of unpaid hashes with the same payout address as the one hash you posted:
521b684fc9e8f31020c35ed15d25e07fe7f0c2881970769b616acab41fdacb6f
135f4c3a60b4d8c8fe5215e48c517cac5652cb47c9022b8e67b058d79761c191
e94182f8f76f6ae7b8351efe45580eb40b9d59c8b6b7efea442aa784e43d1222
Yes, it is safe to pay for the tampered ones. The games look to be fine on the server side. Still, we need to figure out why this is happening.
Before the game is recorded in the DB, it the hash is recomputed to make sure everything matches up. If the recomputed hash doesn't match the displayed hash, you get the tampering error. I'm having a hard time imagining how what you've described happened. If you open another tab with a new game, it can mess up the site's guess/salt that is stored in the server-side session, but then refreshing wouldn't have fixed it. Was this a fresh game, or had it sat around for a while? Was it submitted previously and had a different error? Was there anything else you did that might provide a hint?
Not wanting to risk it, I clicked the banner to get a new hash, put my deposit address, changed the bets to 0.10 and 0.20, input my guess, copy/pasted the hash into a text editor and hit 'place your wager'. Again it told me something had been tampered with.
I tried again, and again got the 'tampered with' error message.
I tried a 4th time, not copy/pasting the hash, and that time it worked.
Then when I tried a 5th time, trying to find out if I could narrow down exactly what caused the problem, it told me it was sick of me and that I should go away. Or something.
("Too many outstanding games from your IP address. Please pay for a game or wait for one to time out")
Can I find a list of outstanding games, so I can pay for one? Is it safe to pay for the "tampered with" ones?
I tried again, and again got the 'tampered with' error message.
I tried a 4th time, not copy/pasting the hash, and that time it worked.
Then when I tried a 5th time, trying to find out if I could narrow down exactly what caused the problem, it told me it was sick of me and that I should go away. Or something.
("Too many outstanding games from your IP address. Please pay for a game or wait for one to time out")
Can I find a list of outstanding games, so I can pay for one? Is it safe to pay for the "tampered with" ones?
I just got an error message when I hit the 'place your wager' button:
I hit the refresh button in the browser, and it appeared to fix itself:
What does that 'tampered with' error message mean? And is it safe to proceed with the bet after refreshing the page?
I hit the refresh button in the browser, and it appeared to fix itself:
What does that 'tampered with' error message mean? And is it safe to proceed with the bet after refreshing the page?
The balance is actually about 20BTC right now, with bets that win 20% being the max, but like you say the 4BTC is all that matters for brute forcing. If you ever lose a bet you'll be able to bet at least a little bit more the next time, unless someone has reserved some of the balance in between.
But, yeah, I just changed it to an hour. Should be good enough.
But, yeah, I just changed it to an hour. Should be good enough.
Great. 2 minutes was just too short, and I found myself exceeding the 15 minutes sometimes too, if I got distracted writing a forum post part way through betting.
An hour should be good though. And nobody would mind a couple extra base64 characters in their secret either, just to be on the safe side.
Jump to: