It seems you put a lot of thought into security measures. Still it seems the callback API is somehow lacking. The only proof that the callback is actually coming from your site is the IP-Address of the sender. There are possibilities to spoof the source IP of a TCP connection, especially in a case where the attacker has access to the subnet of the receiving system (see e.g. http://www.symantec.com/connect/articles/ip-spoofing-introduction). You should consider adding another security layer here. For example on bitcoinmonitor.net callback notifications I added a signature to the callback data which makes sure that the callback was created by the server and not someone else (see http://www.bitcoinmonitor.net/help/ -> section "security"). As the signed data does not contain a time component this is probably still prone to replay attacks of the same request with same signature and spoofed sourceIP, but at least raises the bar. And I am sure there are advanced cryptotechniques that could also close this attack vector.
|
|
|
2. I undestand that you can withdraw from Coinlenders back to inputs.io. You also can send instantly to just-dice, but looks like you can't send back to inputs.io wallet from there. Any plans to allow instant withdrawals from just-dice to inputs.io wallet?
I think in some thread Dooglus mentioned that withdrawal from just-dice to inputs.io will be implemented soon.
|
|
|
Your TX has been credited. Got it, thanks!
|
|
|
Also dooglus ist einer der wenigen hier denen ich ohne sie persönlich zu kennen 99% vertrauen würde. Jedenfalls genug um ein paar BTC zu investieren Ich hab eher Angst dass er selber von dem Erfolg überrant ist und vielleicht die site nicht die Sicherheitsvorkehrungen hat die sie bei solchen Beträgen haben sollte. Dooglus hat selber übrigens nur 250 BTC investiert. Was mich an dem Konzept etwas stört ist, dass durch diese riesige Investsumme der Gewinn prozentual immer kleiner wird. Also statistisch gesehen macht die Site 1% Gewinn über alle Wetten. Mein Invest ist inzwischen geschrumpft auf 0.16%. Damit krieg ich also nur noch 0.01*0.0016 von allen Wetten :-/ Das macht also auf Dauer keinen Spass. Das Problem ist dass die Wettsummen nicht genauso steigen wie die bankroll. Bloß weil man jetzt 116 BTC mit einer einzelnen Wette gewinnen kann machen steigt der durchschnittliche Wettbetrag nicht auf x BTC.
|
|
|
The server hosting bitcoind backend went down yesterday evening, resulting in no notifications being sent. Got it running again this morning - system has caught up in the meantime and all missed notifications should be sent out. Sorry for the downtime :-/
|
|
|
Leider zu weit weg, sonst wär ich dabei
|
|
|
Awesome! Unfortunately too far away - I would definitely join just for the fun of it!
|
|
|
Hah, just found this thread after sending you a PM Hint: The link to the forum thread in the FAQ is still pointing nowhere I totally love the invest feature. This will be huge! => #84
|
|
|
Klingt irgendwie interessant, aber ohne weitere Details zu wissen halte ich mich raus. Ich denke es wäre auch nicht schlimm schon jetzt mehr Details zu veröffentlichen. Wenn die Idee so einfach ist dass sie eh jeder Honk nachbauen kann macht es sowieso keinen Sinn. Falls mehr dahintersteckt wird es auch so schnell keinen Nachahmer geben.
|
|
|
Yep, it's a pretty good point, which is why I have requested deletion of my ad.
Damn decent of you. +1. (And sorry for mixing up Mods and VIP)
|
|
|
Yeah, there are actually quite a few "announcements" in there that I don't see very important at all and some (e.g. new releases of main bitcoin wallet software like bitcoin-qt or Armory or electrum) are not posted there...
Most threads are about hacks, compromises and lawsuits or their fallout. Is this really the impression that "important announcements" of the Bitcoin community wants to give of Bitcoin?
Posting threads about how one can earn some sub-cent amounts for using a centralized, closed source, proprietory version of IRC is also not the solution imho.
+1! I was just thinking wtf why is advertisement posted under important announcements. Then I realized that moderator also has it in his sig. Oookay. Nice way to abuse one's power.
|
|
|
Some significant amounts were bet the last few days. Check out the stats of benzoate and gandalf - quiet some impressive sessions there, both winning and losing . Although they don't yet come close to the long-standing record-holding 1260 BTC payout obtained by Ash. To be fair I should mention that at that time the bet limits were around 30% higher than today
|
|
|
What blockchain offers is not per transaction but globally for all transactions.
|
|
|
Sieht alles sehr interessant aus! Ich drücke alle Daumen dass es bald ein paar mehr "große" Tauschbörsen gibt...
|
|
|
Since bitcoin-Qt 0.8.2 has been released with updated default tx fee policy I changed the according policy also on bitbattle.me: - Transaction fee for payouts is calculated accordingly (minimum 0.0001 BTC instead of 0.0005)
Also the acceptance policy for unconfirmed transactions is adjusted: - If a transaction has fee >=
0.0005 0.0001, and all inputs are confirmed -> ALLOW - If a transaction has fee <
0.0005 0.0001, but all inputs are confirmed -> ALLOW - If a transaction has fee <
0.0005 0.0001, and at least one input is unconfirmed -> REJECT - If a transaction has at least one unconfirmed input but fee >=
0.0005 0.0001 -> ALLOW - If a transaction has at least one unconfirmed input and fee <
0.0005 0.0001 -> REJECT
Have fun
|
|
|
No significant change in bet volume here.
|
|
|
Just had a few rounds here (username Herbert) and have to say I'm impressed! The UI is totally slick, bets are rolling fast, everything works fine. So it looks like I need to figure out some new ways to get rich Have to say though from my own experience: I can't believe you are running with 1% house edge. The variance will kill you unless you have huge piles of bitcoin. I started bitbattle.me with 1.8% and raised to 1.9 after a few months and still on overall the real house edge I have is way below 1%
|
|
|
|