Topic: [UPDATE] - BetSomeBits is ALMOST LAUNCHING ! (Read 5580 times)

my company is managing it (me and my business partner), but we have 2 devs working on it. (me beeing one of them)

Take your time! Do you have a team that's working on it with you or are you single handedly managing the site? Don't hesitate to ask for help!

not sure yet, alot on my plate these last few days, with holidays and all.

Ill prolly start the actual advertising somewhere in january, as i want to get the referral system in before that.

Other then that, im just fixing minor bugs etc, and working on the admin panel, stats stuff, etc when i have some time to spare.

Its playable and live, but not in a state where i want to market it yet basically, really need the referral system in first ..

Do you think you're going to have a signature campaign to raise awareness? :O

[/b]

update: we have not fallen asleep ! we are just waiting for our EV cert to come trough .. SLOW

Changelog 16 december 2014:
    -terms on register page
    -typos
    -provablyfair link moved to footer
    -more footer changes
    -FAQ page
    -Terms page
    -btc wallet address is now required on signup

thx for the feedback. will be fixing that typo as soon as im at te office, she low ssl provider is pretty much allthat is holding up the launch now ..

It looks a lot better than when it first was being tested!

Just another little grammar thing: "Keep on rolling, untill i say stop!" should be "Keep on rolling, until I say stop!" if you want that exact phrasing, or something like "Endless (click stop to end)"

We have postponed the official launch a few days, as we are still waiting for our SSL EV certificate to come through.

update: wa are currently in the process of having our ssl certificate approved and aquired.

edit: the ssl will include company verification. so you will know exactly who is behind the website.

dang there goes me trying to be a funny person

no actually this has to do with the ajax submit function, if you simply press enter when focused on the seed field. instead of pressing the btn. you see the same result.   known bug since day 1 of the ajax implementation.   actually had zero to do with the content you typed in ....

Please note I also made the page redirect me to by repeateded trying to drop the table. Which I think is a bug

it all depends on the severity of the bug i guess..

Do multiple notable bugs count for multiple rewards? 

ok. this guy too.

and from now on. only rewards for bugs....

what about me?i also gave u a typo

i'll add you to the reward list, for the typo..

i normally only reward for actual bugs, not suggestions, but i guees the typo should count aswell

do any of my finds qualify for a bounty 

Just deployed an update, containing our first implementation of auto-rolling

Thx for the feedback,

i've fixed the typo
lined up the profile a little better (atleast on my tested resolutions),
and added the min length to the placeholders of the username and pass fields

Ive fixed the changeseed so that upon successfull change, the previous error dissapear.

Im adding your other comments to the to-do-list

Thx again.

Entertaining and interesting

quick stream of conscious feedback as i play

-nice colors
-my username has to be 6 letters, i wish it would have told me before i submit
-kind of annoying i have to use the slider instead of just typing in the amount
-not much feedback for winning or losing, a bit over complicated display
-a button to hide the secret stuff may be nice?
-i dislike the bitcoin pattern on the slider bar, maybe a simpler geometric shape design or solid color
-i wish i was able to drag the whole bar as one so i dont have to reposition both ends for the same range
-"prepare next bet" and "bet" could be two seperate buttons perhaps
-option to auto prepare next bet?
-this should say "break"
-blue on white very small text is hard for me to real
-these should be lined upppp ahhh

after changing the seed (successfully) the "seed was not changed" dialogue still is shown
(i was trying to break it with zalgo text, ahaha)

lmao i entered my seed as  "Robert') drop table seed"



anyway, i had fun,

quick post: the error you got was because you bet either at 0% or 100%, i changed the error text.
bet max btn has been fixed.

will post more when i get back

It will be very good,if u can pay them.If u cant pay a guy with 100 refferals with 1% of his earnings given from the affilate system,and every ref has wagered 1 btc,its 0.01x100=1 btc per 100 btc wagered ,per 1000 wagered on all ur affilates it will be 10 btc,per 10k wagered it will be 100 btc with AN 1% of ur refferal's wagered amount.If u have enough bankroll to pay them,there will surely be much people to start advertising the site there,to their friends,to youtube,to their school,to their work,to other btc sites,to other gambling sites.

About the site,why u shall type all these things SOME people dont understand, make a button where it shows all this,known as Probably fair? in most sites.

Bet id 2270880a-7fd6-11e4-a777-ee6e5c847eec
   
$hash = hash_hmac('sha512','27959a8df82f95f01153df66a01b6b9a:2270880a-7fd6-11e4-a777-ee6e5c847eec', 'WILL BE REVEALED AFTER TO ROLL');
//$hash = b4b7bc96f8af641be1d21d36f7d2bdab7a3dcdb7139136e0cd69068a51e5a697;
$firstfive = substr($hash, 0, 5);
if(hexdec($firstfive) > 1000000) {
    $firstfive = substr($hash, 6,5);
}

$result hexdec($firstfive)/10000;
//$result =

on the betting screen?

Also the slider's picture is a bit annyoing.It isnt going together with the design.

An idea most sites dont have:Add an chat with emoticons like Kappa,most sites have just live chats without emoticons add a rape face emoticon,kappa,doge,whatever u can think of,most of the people gambling also like chatting.there will be people which will come ONLY for the chat and not the site itself,so this will bring MORE TRAFFIC to ur site.

When i press place bet,it types this  Please dont screw with our system.

Edit:Now i can bet,but hwen i press bet max,it bets 50% of my balance,why is this?

Like a said, these are just thought, and this is exactly why i posted them there, because i appreciate would like feedback on them, i am in no way saying that i am going to put it in..

Your thoughts on an affiliate system ?

With investment option u wont earn any money with the site.Even stunna said this.

fixed the deploy, but i still cant seem to figure out why you are not seeing the charset properly ?

yep just noticed the same when checking mobile except the charset.

i was in to much of a hurry earlier today and deployed a buggy version.

i cant update for atleast another 12-14 hours as im bussy for a sec. im rlly sorry about the bad deploy.


can you provide more info regarding the charset, your browser, os, etc.    as it displays proper for me ..

thx in advance.

Well,

first thing is probably bad charset on website.
http://rovi.8u.cz/Projects/betsomebits/bad-charset.jpg

2nd thing Result over 100.
http://rovi.8u.cz/Projects/betsomebits/result104.jpg

3rd Empty Wallet notice
http://rovi.8u.cz/Projects/betsomebits/notice.jpg
Notice is visible even when I am not logged in.
Invalid captcha -> something with incorrect id for solvemedia

No cloudfare please.Everything else but no cloudfare.

UPDATE: all accounts, rolls and stats have been cleared, will now start testing the withdrawals with hexafraction

If all goes well we will be live before the end of this week !

changes:

    -seedForm is sanitised upon submit
    -hide seedform between roll nand next roll (did not make sence changing seed when looking at result)
    -username minimum 6 chars
    -passwords minimum 8 chars
    -added captcha to faucet


i think we are going to be ready pretty soon ...

ill add a token and a sanitiser to the clientseed form today.

regarding the useramount. all calculations and processes are based on useramount. so if useramount is messed with. it doesnt really matter. it gets displayed. and is an inpit yes. but does not get processed

(havent watched videos yet, im on mobile atm) so ill adress those as soon as i can

pass length: your 100% right

ill add you to the list of rewards and ill reply regarding the videos when i gwt to the office.

thx

Vulnerabilities ^_^:
XSS (Cross site scripting) in the change seed thingie.
There is also no CSRF protection on this either.
Video: http://gyazo.com/9eaa38097d913eb8b78cd957a94e607e

Possible places for vulnerabilities:
->On the withdraw page, you've got 2 post variables userAmount and realAmount. It seems that you validate userAmount but not realAmount. I cant test it as I cbf depositing $3 into your site but just make sure that the user cant put userAmount = 0.01 and realAmount = 5 and it will send them 5BTC sort of thing. I doubt you can, but just a heads up.
-> You're able to do negative numbers on roll amounts. Although this probably wouldn't change anything, there isn't any validation for this.

Silly errors:
0.00000100 BTC divide by 2 doesn't equal 5.70000000 .
Video: http://gyazo.com/323eeb6bcc6deef1035005d2ea9b2300

Suggestions:
-> Require a minimum password length. I could have one character and it would accept it. This is just in case of a DB leak, although it's not going to really help that much.
-> Cloudflare would probably be good.

told you to do it!also told u the 2fa thing,is it going to be ready sooN?

im liking the new design, really starting to look nice he

okay

for opinions, no, because everyone has them

For helping ? Well like a stated in my first post, anyone who finds a bug gets rewarded,

other then that, any info provided to me, that i feel is substantial, gets a reward.

Will i be rewarded for giving my opinions&helping u?

decided to work after all

more changelog:


security changes
confirm 2-fa auth code before actually enabling 2-fa
added "points"
changes to deposit modal
dont allow faucet if balance > 0
faucet added
blockchain api fixes
info on transactions screen
withdrawal iframe changes
ajax betting errors fixed
stay informed option on profile
massive ajax changes

update: i wont be working much this weekend so ill see you guys monday!

no feedback on the new design and ajax implementation?

thx

Also, hexa, can you pm me the name of one of your test accounts on the site, so i can start making preperations for the testing of the transactions, i will disable them for all users except the ones i choose

EDIT: just deployed some significant design changes,    working on ajax now

EDIT: just added an ajax implenetation, check it out and see if you guys like it ..

also, i know that error reporting is broken atm, due to the ajax, so i'll get to that very soon   (bet too small or big will not give a visual error atm)

phpmyadmin has been secured.

Ive also added google authenticator!

change the name of you phpMyAdmin, and the index.php within said folder to secure it.. Oh, and remove it from your root directory, it does'nt need to be in the root to work

Update

deposit and withdrawal are finished, but disabled atm (you wont see the buttons, only specific users will...)

profile page is done, will let you change your password, email adres and bitcoin payout wallet.


113ef50 layout and type fixes + missing url
1f854b8 fixes
7755abe more withdraw stuff
aa3d268 change wallet id via profile
a34j268 change email via profile
8f0d478 change password via profile
0322c64 more on withdraw
d4ba0af more on withdrawls
7e61540 link to has info page, on transactions page
7998ff3 deposit fix
589b719 many changes + more deposit stuff
2277e2c many changes + more deposit stuff
ed3aaff many changes + start deposit stuff

the phpmyadmin will be hidden soon, but like i said. its the phpmyadmin for a different server..

2way auth will be added aswell

and regarding the email adress, ill make it so its optional, so you can set one, IF you want. in case of pass resets if forgotten
and the ability to change your pass when logged in.


just woke up. will be starting work in a few hours. will deploy asap

also add 2fa verify

Hmm, a monetary site with no visible way to change a password or reset a password via email? It would be nice for that functionality to exist, so that there are less risks of loss of money.

The guy who pointed out the myAdminphp link should be payed attention to, as a bruteforce of password using pyrit/cuda would reveal more than you think.. in fact, all that you see..?

Edit, sorry, was focusing on news, The guy who pointed out the phpMYadmin is correct, as I can rip anyones password using cowpatty piped through my cuda based pyrit (no passwords list) in around a day..

A password to myadmin gives complete opportunity to change anything at will.. you do like your site, no?

quick update. on mobile. not much time

implemented withdrawls and deposits. havent deployed yet. i will this evening or tommorow.

thx

s

Be sure to make the max payout like 1% of your bankroll.Thats what most sites do when they start.
Also if i can be rewarded for non-coding help,but help with normal things here is my addy 1QGChLzdZQreNF1k6M3Mrz82cBDsMRzYsW

Make the min withdraw 500 satoshi x the max payout u can get with 500 satoshi to prevent bots creating new accs with different ip adresses all inning at the min win chance and max payout to make profit and withdraw.This is also called as faucet abusing in pd.

Minimim withdraw,  my processer takes 0.0001 mining fee, the player will pay this fee upon withdraw, and anything above that can be withdrawn (does it make sense how i explain it ? )

Hmm, im thinking, once i go live, in production, i will start of with lower maximum bet amount & lower max payout, and slowly raise them, as i get a feel for the volume and number of bets, so that i can calculate how much i can allow in max bets, confidently knowing that i could pay all bets (i dont want the max too high, to early, without knowing for sure that our budget can handle it)

What about the withdraw?How much is the max payout u can have?Like pd has 20 btc,some sites have 2,some sites have .2 btc max u can earn by rollin at ONCE

a.k.a for pd it is 20 btc profit 20 btc bet 20 btc wagered max

Yep rolling without refreshing is certainly on the menu, but im working on the internals mostly, before the design and "fancyness"

But ajax is defenantly coming soon, ill simply make the roll via ajax, and change only the "previous roll", "current roll" panels, and refresh all balances.,   but like i said, internals first.

Im working on the deposits atm.

also, regarding the bonusses

How about this, if i instead of a "username", ask for a wallet address instead, and have cachouts go only trough THAT wallet, that would alteast make it so that people can only make as many accounts as the have wallets, instead of just unlimited accounts, HOWEVER, as i would also have to mention this on the registration page, im afraid this might alienate certain people ( for only beeing able to cachout to a single specific wallet) ..   

any thoughts ?

Thx

Okay,but,make any design thats better than this xD.Make the minimum withdraw like 50k if the signup bonus is 500 satoshi,100k if its 1000 satoshi to 5000 like primedice.And what about the refreshing page while rolling thing?

Hope my signature may help you! 

httponly should be set now, and i fixed the php_expose settings aswell.

also, more changelog:
    -Inputmask placeholder on bet amount input changed from "_" to "0". (BGkockata asked for this)
    -Inputmask on bet amount now using overwrite mode instead of Insert mode. (toggle using insert)
    -Fixed rounding issue on 8th decimal (no BTC values are rounded, except when displaying, this fixes the 60% single satoshi bug).
    -Added statistics displayed in top navbar

as always, keep em coming !!

No, there's a flag (httponly) that can be set on a cookie that tells the browser to make it available to the server, but not to any Javascript running on a page.
Also, it appears that PHP's version is no longer being exposed through that long URL.

Yep, ajax will be implemented soon, to prevent the refreshing

Regarding the 100% win bet, how did you accomplish this, as it should refuse rolls at 0% or 100% change..

Thx

on mobile again: so in short again:

sorrt for the typo. will be fixed.
db is on a diff server. the phpmyadmin you found does not hold the betting data

server setting will be fixed, bet regarding the php session id in the cookie, thats normal ?  same with fb, prime, etc ?

i really dislike the win8 metro look actually


and regarding the 60% chance and winning 1 satoshi.   is this not the same at prime?  it seems im getting the same results there?  thx
i guess the question is: is 0.00000001 X 1.7.    0.00000001 or 0.00000002


will post more elaborate response when im in the office


edit: looking at previous rolls: lol @ user "test41241' OR 1=1; --".

edit: how many ti.es the signup bonus, should be required to withdraw ( to prevent abusing the bonus).   at primt its like x200 or something i believe

If you wanna go all Grammar Nazi, it's "Fixed with a fairplay algorithm", or something along those lines.

There is a typo -
fixes to fait play algorithm.

It must be:

Fixes to fair play algorithm.

In here u typed it right,but on the site it has a typo.

Also, I found phpmyadmin. No vulnerabilities as far as I know, though I'm not familiar with it. May I have permission to run a quick portscan from my personal IP?

 I cant get the free satoshi by refreshing the page  

Make it so it doesnt type 0.0_______ when i dont type all the zero's and make it auto typing the zero's its so annoying.

Well, 100% doesn't make sense. However, I put in 1 satoshi, set chance to 60% (so payout is 1.64%) and clicked bet a bunch of times. Eventually, I was slowly winning in the long run, due to rounding error. Might be insignificant, until a bot comes along. I do agree on using AJAX instead.

There are some technical points of interest:

• PHPSESSID (cookie) is accessible to javascript so if an XSS or something does occur, then JS will be able to steal the session.
• hxxp colon slash slash betsomebits.com/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 reveals info about the PHP version (estimated by way of author list) and extensions, which is a risk. Set expose_php = Off in php.ini, or rewrite URLs so this is not accessible.
• Apache 2.2.22 is somewhat out of date. Not sure if there is an issue here yet, though.
• "PHP/5.4.35-1+deb.sury.org~precise+1" is made known to the world through the X-Powered-By header. If there's an exploit in this specific version, that might be an issue.

As I find more, I'll post them.[/list]

Make a design with better colors,with the modern ( i call it windows 8 ) style with flat colors,most people play on pd cause its UNIQUE!
Im gonna start testing the site,hopefully there arent tons of exploits.

Edit:Refreshing page every bet?Thats bad for people with slow internet.

Edit:I can bet on 100% win chance and earn 1 satoshi everytime.

Do u have a gambling license ?

I'm also willing to test withdrawals! The concept of only giving them a certain amount if they're at 0 is more cost-effective for you, but it may be counterproductive for business unless it's a decent amount to gamble with. If you did the daily bonus people could abuse it, but it would attract more loyal customers. Ultimately it's up to you to you around with how you'd want to do it

Very well, fair enough


EDIT: just added link to page to verify your own bets (http://phpfiddle.org/main/code/4071-5c2q)

Hmm, i like the idea of combining the site with a faucet, but should i do it like prime does, allow the user the use tha faucet, every x amount of minutes, IF their balance is at zero..

Or maybe even indeed, give them a bonus, once per day, on the first login of the day, each user, even WITHOUT their balance beeing zero ..    or base the amount of daily bonus given, on the total amount wagered by the user so far, something like that ?

Thx

I'm willing to do testing of withdrawals. I'm familiar with the Bitcoin network, and I'll try to "cheat" the withdrawal system as well. Anything extremely large that I get, I'll return except for a small bit for finding it

Update :

more changelog for 3 december 2014:

 d9fd9a5 - input mask (9.99999999) over amount field
 d90065e - layout changes to previous rolls page
 60c6d6d - fixed typo on registration confirmation page
 0427049 - redirect to bet page after login
 ce26655 - added missing login button translation
 5efa4e1 - fixed footer copyright
 455b910 - unallow 0% or 100% bets

I think a decent amount would be dependent on your funding; there are some sites that offer .0001 - .01 BTC for signing up during the promotional period. Another possibility for the site could be a combination of a faucet, which again is up to you; upon logging in, people could get 500 satoshi, each time once a day or something. It seems like it'd be somewhat easy to abuse the system if the signup bonus is too big though, as there are people with multiple wallets, myself included

im not in the office anymore. so in short:

betting at 0 or 100% has been fixed. but not yet deployed

the typos and dutch words will be fixed this evening.

same with the redirect.

same with the email

ill also put an inputmask on the amount input. only allowing correct input.


in the mean time heres a question:

how much would an average user consider a "big enough" signup bonus to convince them to give it a go, where they would just bounce if there was no bonus/small bonus ?

thx again amd keep em coming guys, ill update here when the next version is deployed. hopefully this evening



edit: when i get to implementing the withdrawals. i will actually have a few people from here (like 5) make real withdrawals to test the system. so keep an eye out ..

using btc i will donate to your account obviously

Coolio, thanks again! Upon registering a new account,
"You have received 500 Free Satoshi to play.
Click here to go to the betting screen, or click BET in the top menu/" is the message provided.

The "Sign-in" button is currently in Dutch, which is fine, but it might as well be changed to English if the whole site is going to initially be in English.

Also, after logging into an account, they should be directed to a different Home page/directly to the Bet page; as it is, it's redirecting to the home page and prompting for a name, so that the user can set up a new account, even if it's already logged in.

This also might not qualify as a bug, but if you bet something like .00004AWEDAJ@ or .00004 or .00004!!!0339-4, it will roll, betting for .00004; maybe disable special symbols in that text area, or give an error message?

You shouldn't be able to make a bet with 0% probability. If you set the min guess and the max guess to the same value, it still lets you roll the dice, with a 0% chance of earning a payout.

Correct, i still need to fix this, but it is a known bug, yet i will reward you for it still.


- CopyRight in the lower left corner could be changed to Copyright  correct
- Upon creating a new account, change the / to a ?  Can you explain this, i dont understand what you mean ?


Out of curiosity, why does everyone get their own e-mail address? This is also something i still need to fix, the underlying database needs a unique email adress for each user, before i get rid of the email altogether, i bypass this by generating random email adresses for each user (as i dont want to ask the user for its real email adress, as i dont feel the need to spam people )

You shouldn't be able to make a bet with 0% probability. If you set the min guess and the max guess to the same value, it still lets you roll the dice, with a 0% chance of earning a payout.

If that qualifies as a bug, payment can be accepted here: 1Ch173DuRzf1aDxnbabo1rQhUJa2YkfDZG
Thanks!

Couple stylistic changes just to make the site appear more aesthically pleasing:
- CopyRight in the lower left corner could be changed to Copyright
- Upon creating a new account, change the / to a ?

Out of curiosity, why does everyone get their own e-mail address?

THX? i changed it to "Repeat Password", you where completely right ..

i also made the registration and login process easier just now, by making it 2 step,   first username,   then pass.

Just a small wording issue for now. "verification" was a bit unclear, "password verification" or "confirm password" would make more sense (as a bilingual-native English speaker).

update :

Changelog 3 december 2014

    -The secret used for your roll, will be revealed, onscreen, after rolling, without having to leave the page.
    -Account functionality added, you can now register and login. (500 Satoshi signup bonus).
    -Previous bets page now show "My Bets" and "All Bets" tabs.
    -Fixed bug allowing negative amount to be betted. THX TO hexafraction <- i mentioned you on the website, and will be sending you a reward shortly

im on my way to the office. but quickly:

bet max there is a bug that wont let you bet your last satoshi, known bug.

negative bet amoumt: unknown bug: hexa will get rewarded

keep em coming guys.


ill post more info when im in the office. typing on mobile atm.

thx

I did Max and rolled, got this error: "bet larger then wallet ?"

I'd say to break a system is to render it useless, if it still operates, even though it pays, it has'nt been broken, only taken advantage of lol..

Damn, beat me to it. Yeah, plugging a negative value into the bet will increase your balance. You can plug in a negative value that's greater than your the absolute value of your current balance, too. Don't know if this would count as breaking the system though.

Forcibly resending a POST for a roll again with the same roll ID causes a 500 Internal Server Error:



I just right-clicked the initial POST in the inspector and selected "edit and resend". I also tried some more tricks like switching bounds, giving absurd bounds, giving unparseable bounds, everything looks good. I'm not able to see the server seed after a roll, however. It just stays at "(hidden, but will be revealed after the roll)" after each roll. (it seems that it's shown on the previous rolls page; a link won't hurt).

Most importantly, typing a negative number into the bet and making a hard-to-win roll (e.g. from 0 to 1) causes balance to go up on average.

Other than that, I'll keep trying tomorrow.

As per "ps, you are actually encouraged to try and break the system if you can, and IF you can, i'll reward you for it !", 1EYhYbBKRSM85EaoUbgQmnCwQerQWL99so is my address. Thanks!

For a provably fair system, if I ran a bitcoin gambling site, I'd guarantee winning all the time, though how much depends on a ratio of how much gambled..

Kinda make people WANT to gamble knowing the have a chance of getting a win of at least 10% of what they put in up to no max.. this way they get something back and can continue to play.. also, pay direct to customers wallet, not the crappy hand it to a third party regime.. because some of these sites would take a lifetime just to withdraw crumbs..

I've been an idle bitcoiner, due to the fact I see no increase, thanks to others hoarding that which is apparently mine.. Since no interest can be gained from bitcoin, it defeats the purpose of getting more folks into using the currency..

Just my 2 bob's worth, hope it helps somewhere..

Lol, nah, was just askin, I'm not here to mess wi site's, only talk crap in the bible bashin thread, just caught on to the challenge

against the site. but feel free to put the provably fair to the test aswell

all feedback is appreciated

EDIT: and also, why would it not be fair?

the hashed server secret is show, the clientseed that will be used is shown (you can change it obviously)

and only AFTER these have been set, and showed to you,   will you make a bet, guessing between wich 2 numbers, the roll will end up..

I actually believe this is much fairer, then for example primedice, where you cannot shoose the max and min guess.




So for a 50% win in primeval, you would need to choose to either roll under 50, or roll above 49.99

on BetSomeBits, for a 50% chance, I can choose for example between 28 and 87,   or between 0 and 50,   or between 10 and 60,  or WHATEVER.

So in my opinion we are more transparant then primedice for example .


But again, i am open to suggestions.

Sam

Metasploit, here we come lol...


I wonder, is this challenge against the so called provably fair (not true), or the site itself?

IN DEVELOPMENT: https://betsomebits.com


WILL BE REWARDED SO FAR:

• hexafraction
• AnonBitCoiner
• PotatoPie

Changelog 3 december 2014:

    -The secret used for your roll, will be revealed, onscreen, after rolling, without having to leave the page.
    -Account functionality added, you can now register and login. (500 Satoshi signup bonus).
    -Previous bets page now show "My Bets" and "All Bets" tabs.
    -Fixed bug allowing negative amount to be betted. THX TO hexafraction <- i mentioned you on the website, and will be sending you a reward shortly
            and  
    -input mask (9.99999999) over amount field
    -layout changes to previous rolls page
    -fixed typo on registration confirmation page
    -redirect to bet page after login
    -added missing login button translation
    -fixed footer copyright
    -unallow 0% or 100% bets
            and
    -fixes to provably fair play algorithm
    -reflect algorithm changes in provably fair popup box
    -changed profit on bet page to show total win MINUS original bet amount
    -added link to page to verify your own bets



Changelog 4 december 2014:
    -Fixes to server settings (security related).
    -Inputmask placeholder on bet amount input changed from "_" to "0".
    -Typos.
    -Inputmask on bet amount now using overwrite mode instead of Insert mode. (toggle using insert)
    -Fixed rounding issue on 8th decimal (no BTC values are rounded, except when displaying).
    -Added statistics displayed in top navbar ( ALL ROLLS HAVE BEEN CLEARED, TO MAKE SURE THE STATISTICS ARE CORRECT    @    14:25 - 4 december 2014 (CET) )

Changelog 5 december 2014:
    -layout and type fixes + missing url
    -fixes
    -more withdraw stuff
    -change wallet id via profile
    -change email via profile
    -change password via profile
    -more on withdraw
    -more on withdrawls
    -link to has info page, on transactions page
    -deposit fix
    -many changes + more deposit stuff
    -many changes + start deposit stuff
    -added link to bitcointalk page on homepage
    -limit previous rolls page to 1000 rolls
    -validate bitcoin address when saved in profile
   -google authenticator 2-way verification added
    -Fixes to withdrawal display
   -Massive changes due to ajax implementation


Changelog 6 december 2014:
    -security changes
    -confirm 2-fa auth code before actually enabling 2-fa
    -added "points"
    -changes to deposit modal
    -dont allow faucet if balance > 0
    -faucet added
    -blockchain api fixes
    -info on transactions screen
    -withdrawal iframe changes
    -ajax betting errors fixed
    -stay informed option on profile
    -massive ajax changes
    -MASSIVE DESIGN CHANGES


Changelog 8 december 2014:
    -seedForm is sanitised upon submit
    -hide seedform between roll nand next roll (did not make sence changing seed when looking at result)
    -username minimum 6 chars
    -passwords minimum 8 chars
    -added captcha to faucet

Changelog 9 december 2014:
    -added twitter btn
    -charset fixes
    -empty wallet notice fix
    -captcha fix
    -htaccess fixes
    -fix coinaddress validation
    -bet max button fixed
    -added update info to footer
    -added support chat
    -fixed typo, changed error msgs

Changelog 10 december 2014:
    -on successfull seed change, remove previous error message
    -display min length for username and pass, in placeholders, on login and registration page
    -text changes on profile page, for layout
    -'brake' != 'break' typo fix
    -Simple auto-rolling system!

Changelog 16 december 2014:
    -terms on register page
    -typos
    -provablyfair link moved to footer
    -more footer changes
    -FAQ page
    -Terms page
    -btc wallet address is now required on signup

Changelog 19 december 2014:
    -SSL came trough

more todo:
change bitcoin pattern on slider
make all resources local

more todo/thought:
be able to type range instead of having to use slider
toggle display mode simple/advanced
be able to drag slider bar
roll n times option

thoughts:
affiliate system?