Topic: Open Discussion of Just-Dice (Read 7673 times)

No, not exactly. It's what I consider the fine print, which you should know already. I was trying to make it a case of a simple and honest declaratory statement.

For example, I can say: I will not lie, cheat, or steal.

Then you can add a paragraph after that explaining in detail, but it doesn't really need to be said. Or right, maybe I'm just thinking about the greeting card niceness of it.

However, we're dealing with stuff that can not be proven or can not be detected. I'm pretty sure that what dooglus has just stated is honest and true and he just covered the bases. I'm also almost certain that he could have said he will never cheat at just-dice. Ever. And he will try to the best of his abilities to stick to that.

And then you have Yoda say, there is no try, just do.

I understand this is a trust issue. Best efforts aren't enough. You should do whatever it takes. (more sappy greeting card stuff.)

In the end, how much you trust something is shown by how much you invest in it.

The problem as I see it is that whoever knows the server seed can cheat undetectably.  The server needs to have access to the seed to generate the rolls, and I need to have access to the server.

I imagine the equivalent in a real casino is someone invests in the casino, and the guys running the casino tell the investor "sorry, someone came in last night and won a bunch.  As a result, your investment isn't doing very well".  There don't need to be any rigged games - the owners can just lie to the investors directly.

The same goes for any other investment you can imagine.  When you buy Microsoft shares do you check every expense they file, or do you just trust that they're not buying hookers and blow with your investment and marking it down as R&D or some such other expense?  It seems to me you always have to trust the people running whatever you invest in.

You seem to think that rephrasing honest words into something more palatable somehow makes everything better. It makes sense for sappy greeting cards, not so much for situations involving trust.

Dooglus:  Cheating is undetectable.  This seems to be a big problem.  If you had some type of oversight and your process and accounts were audited would cheating still be undetectable?

This seems to be a weakness of internet gambling in general.  All these gambling sites have the same weakness.

The equivalent in a real casino would be rigged games that only gamblers who work for the owners can benefit from.

With internet gambling the owner, the shill and the source of entropy can all be the same person.

Nice. You should have left out the first sentence and the last one. I understand you probably want to say it anyway.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't even know if I can say in all honestly that I would never cheat at Just-Dice.  I can honestly say I never have done, and that I intend never to do so.  But I can imagine dire situations in which I could be very tempted to do so.

The whole point is pretty much moot however, since any such cheating is undetectable if done properly.  People either trust me or they don't.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJSXKbwAAoJEEvmoBBJKjWOJm8H/0SYlxxygaSNG9d6LVk+itKb
iGe3MXIfVLeTMBfrtxkuJzn9lRb2a8iajNn9kO8ZGUYEm8hNU4fDE99Wmf+P3M+i
mbC+XHD2MYAbxsevE7o8fhh4jiobjdt+I0E28Y7aAQ/IIW3vpO/3wmlVxSSh0icX
NmEZ0tgn9hWzGRVJqWsx9pstmU0NAaO5PfiXuaDQcxXIaowXOGaihWyQVAHKgBSc
yB9fUG/YXOvRoJ5yr+GnDbFEp4Kuyo+SwM8RmvTxovlA4bqZbRY+sC0FSHTybFar
AVvQiGuo9gOfQhmgyLQXD1fxwSbPA/DuqgvX4abuOV5YXq/yqpaqPTA5SPwiEUE=
=sb0x
-----END PGP SIGNATURE-----

Since you replied:

Just say it anyway... As in, a post all by it's own. GPG signed. huh! (then go through a vetting process through someone like John K., DyslexicZombei, or Dabs).

hehehe.

I'm not sure it adds anything to this thread for me to say that I would never do that.  I would say that whether I was cheating or not.

Ultimately I don't see any way to prove my innocence.  Any evidence I present can be interpreted as clever planning ahead.


I'm not sure who "him" refers to.  If you're talking about me, I only have a single persona, "dooglus".  If you're talking about

  2548  nakowa           4396.70598393
  9075  cici               47.39764653  
 31791  celeste          1236.87587630
113828  prime             231.78085900  
118977  gigad            -300.00000000
119016  alison           -118.83210594
136175  allover          2562.32000000
143341  charlotte        2506.26599180
145625  cake             4440.43886180
150486  christina        1001.06250000
153338  percent         -2976.00000000
155525  claudette       -2000.00000000
161188  berathea         1163.78674773
171208  josephene        -120.00000000

then you would have to ask him why he uses so many different names.  Sometimes he asks to be permanently blocked from gambling on an account, and so then has to make a new one to start playing again, but that explains less than half of his name changes.

It's probably easier to compromise the server seed than to steal from a coldwallet.

There could be many reasons.  Perhaps the wallet isn't as easily as accessible.  Perhaps he could figure out the seeds on his own.  Perhaps it was an inside job and it's easier to have plausible deniability when just some guy gets lucky.  Or someone could have just been lucky!

That being said, if it's this simple to cheat, why anyone would "invest" in this site seems a bit crazy to me.  It's also equally easy to just walk away with the investments, although perhaps the threat of prosecution or retaliation is great enough that it's easier to just do it subtly.  That being said, if someone wanted to do it subtly, why create a single account that exploits this?  But people have done dumber things in the past.  For example, POTRIPPER: http://www.youtube.com/watch?v=FczbS7FiWSM

As far as I understand you're absolutely right. But that requires, as you already said, that the attacker indeed has access to the server seed.
The question is if its easier for an attacker to just try to access the site wallet directly and steal that way, or to figure out how to get the server seed and then have to hassle with predicting his own rolls etc.

Edit: Or maybe he figured out how to generate the server seed from the client seed?

I looked at the way the rolls are generated and it seems that someone who knows the server seed can easily cheat the system and even in a way that looks legitimate.  I haven't looked too long at it, so forgive me if there are mistakes.

From my understanding, there are three things used to generate a roll:
1)  Server seed
2)  Client seed
3)  Roll #.

The server has its seed determined ahead of time.  It publishes the hash so you know it isn't changing it out from under you.  The client seed is something you can choose.  The roll number is the sequence of rolls.

If I have all of this information, I can roll 10 times ahead of time with a client seed, see if I have an advantage, then bet as needed.  I can also choose to bet on winning payout values since there is a winning value at almost any level.  To keep it simple, you might just want to pick one high-odds payout, and run 100 rolls, then see which client seed pays out the best, then run that seed.

Hopefully I am just overlooking something, but if the server seed has been compromised in any way, its incredibly easy to pick a client seed and bet amount that pays out +EV over time.  This could be an insider, someone who has somehow gotten access that shouldn't have, etc...

Maybe someone can explain why I'm wrong, though.

11K is certainly at least interesting.  For that kind of money, even a Vegas casino would be reviewing all their security cameras and bringing in the pros.  It's not absurdly out of variance, and it would be absurd, actually, if there weren't streaks like this.  IIRC, Satoshi Dice operated in the red for months at a time.

But $1,460,000+ is some serious scratch regardless.

Thousands of btc got stolen by whales .... I wonder who they are

There is a potential solution. But it would require unwanted delays and the game would no longer be instant, and we would be relying on third party servers. Too much negative, a lot easier to just put some faith in humanity.

I could, for example, use multi-sig escrow. But people who would want that can do it themselves, and that still presents the problem of all must be in agreement, or else the funds will be stuck. It's a lot easier, again, to put some faith in some humans (like me? like dooglus? like John K? like the bitcoin devs? like the owners and operators of online wallets?) and have them do what they claim they will do.

It's rather unfortunate that some have to default, disappear, suffer, get hacked, die, hit by a bus or train, or have other problems.

As one motivational speaker put it, "I take the money, you paid me. I don't need your money. But I take it anyway. I provide you your money's worth. I give you a seminar for 1 day or 3 days. If you feel you've been cheated and did not learn anything from my lecture, feel free to ask your money back from me personally, and I will give it to you."

Yes, that would be the ultimate way to steal.  To mitigate the risk, however, would involve allowing inquiry into a suspected user's betting history, which presents separate issues.  One can also spread out winnings across multiple accounts so as to fall below investigation threshold.

Perhaps there is a way to make the server seed "provably secure" without introducing other risk factors such as collusion, however for now it is solely relying on trust in doog.  It is a required condition to invest in JD.

Well.. You guys must realize that it would be very easy and untraceable thing as dooglus to steal from investors. He knows the seed and can act as players and steal thousands, hundreds or tens of bitcoins - and nobody will ever know!

This.
+1

socks get dirty haz to send to dry cleaners? lol

I'm just curious, if everything is clean with him, why is he operating under multiple personas, creating a new one every month?