Edit: Got funded. And I saw you added those features I was talking about to your friend Namcoin. Might have to play CR a bit more now
Which features are you talking about? Actually a smaller slider was in the original design under the custom text input but I couldn't make it usable enough. The new slider is big and well, more usable. Also his name isn't Namcoin ![Tongue](https://bitcointalk.org/Smileys/default/tongue.gif)
|
|
|
Currenty running a 0.02 BTC promotion
Post your user ID in this thread and your account will be credited with 0.02 BTC.
If you don't have an account you can make one by depositing a small amount. Even 1 satoshi will do, although make sure you use a fee of at least 0.0005 so that your account creation is instant.
|
|
|
Just have each separate bet deplete from the maximum allowable bet. About the clutter I thought that also, and there's ways around that such as leaving the default betting screen how it is now, and allowing someone to select a different screen with the more options if they want.
I'm not sure multiple bets would be done on the same "roll". It would most likely be a client-side thing where the button is automatically pressed for you.
|
|
|
Here's a suggestion: as well as '2x', how about a 'martingale' button, which multiplies your bet by whatever it needs to be multiplied by to cover previous losses and still make the same profit when you eventually win...
That's a great idea actually. Drunken math = legit math. In general though, why wouldn't you reveal each day's secret the moment you stop using it? I don't see any need to wait once the secret is no longer being used.
It's arbitrary I guess. 4 hours is not a long time considering the 12 hour average wait for the day to be over. Another thing... I've seen a few people with coinroll ads in their signature, and they've all been very hard to read with the dark forum theme I use:
Oh, didn't even know that you can use a different forum theme.
|
|
|
Lots of lucky players in the last 24 hours. Why do you prefer the 0-65535 (note that's the range they draw from - 64000 is the highest you're allowed to pick, but the site can pick higher) range of coinroll to the 0-100% range of primedice?
They seem pretty much equivalent to me (except than everyone knows 25% is a quarter, whereas it takes a while to work out whether 16500 is more or less than a quarter of 65536). ie. percentages are more intuitive for those of us who tend to work in base 10 (and I think that's everyone except Luke-jr isn't it?)
Hopefully with the slider I've added it will be much easier to set arbitrary odds. PS: Your script is awesome.
|
|
|
New stuff!
Added 3 new buttons
2x Doubles your existing bet. This might be useful for people who play martingale.
Max Places the maximum bet allowed by your balance and the game you're playing.
Set Odds Pops a slider that you can use to make arbitrary games by just setting your desired winning odds.
|
|
|
Some changes: - Multipliers now have 5 significant digits
- You can see a list of your transactions by clicking the paper icon next to the Withdraw button
|
|
|
So '41881' changed to '41880.0'. Can we get rid of the decimal '.0'?
Should be fine now.
|
|
|
Is the db dump fixed now too?
Yes. Being British, 'nonce' always seems like unfortunate terminology...
Dammit, I always thought there was something wrong with that word.
|
|
|
The messed up nonces have been fixed.
|
|
|
Here's the script I'll be using tonight at midnight (GMT) to pick the winners: <?php
/* * Coinroll.it giveaway script (https://bitcointalk.org/index.php?topic=197242.0) * A 64-bit build of PHP is required */
$modulo = hexdec('ffffffffffff');
// Change this to the secret ID once it is released $secretId = hexdec('aaaaaaaaaaaa');
// Player bets go here $data = ' aaaaaaaaaaaa Player1 bbbbbbbbbbbb Player2 cccccccccccc Player3 ';
$playerDistances = array();
function arithmeticMod($x, $m) { if ($m < 0) $m = -$m; $r = $x % $m; return ($r < 0) ? $r + $m : $r; }
function modDistance($a, $b, $m) { return min(arithmeticMod($a - $b, $m), arithmeticMod($b - $a, $m)); }
$players = explode("\n", $data);
foreach($players as $player) { if (strlen($player) < 12) continue; list($id, $name) = explode(' ', $player, 2); $playerDistances[$name] = modDistance(hexdec($id), $secretId, $modulo); }
asort($playerDistances);
echo "Player Distance\n---------------------------------------------------\n";
foreach($playerDistances as $name => $distance) { echo str_pad($name, 25) . $distance . "\n"; }
?>
|
|
|
Thank you for pointing this out dooglus. I will investigate.
As you said, this only affects the archiving of the bets since it is a separate routine.
Edit: This is a concurrency bug. The lucky number calculation correctly uses the atomically incremented nonce while the archiving operation increments it by itself. This will be fixed.
|
|
|
I won 150 bets and lost 6... I bet on below 64000, which has a 1 in 1000 loss rate... huh?
Your math is wrong. Below 64000 has a 2.34% loss rate.
|
|
|
I simply don't know what is your experience with this, and on what you are basing your answers. Are you aware of, for example, http://seckb.yehg.net/2012/06/xss-gaining-access-to-httponly-cookie.html ? This is the return of five seconds googling, I hope you are aware of people that simply don't share their findings in this area. Storing passwords in plain text anywhere is simply a bad idea, supposedly safe cookies in 2013 do not make them a better idea. You can just ignore the situation, of course. Had you read your own damn link you'd realize: a) This is a JAVA/SILVERLIGHT/INSERTSTUPIDSHITHERE EXPLOIT b) It still doesn't break the domain sandbox, which means that the attacker would have to XSS it into my website somehow. I filter/sanitize all user-supplied input. Class dismissed.
|
|
|
Done
1BVRfAe5GzAb7S11XnfardBgKPp5EtAPb5
Not accepting any more. Thank you for participating.
I am locking the thread.
|
|
|
You are skipping another approach that should be obvious: there are bugs everywhere. I don't actually need to compromise a computer in order to access their cookies (including the httpOnly ones), I just need a browser with a bug that has been published (or not) which allows access to cookies.
Of course there are other approaches, maybe they are just not feasible for you ? GMail uses cookies too, but plain passwords is something you won't find there.
You're arguing just for the sake of argument. I suspect you're going to have to wait for a long time for that bug, because this is the sort of bug that would break the entire internet. Cookies are sandboxed. If a bug allows a website to read another website's cookies then that's the mother of all 0days. In a universe where a bug of this magnitude is likely to happen then you might just have browsers accessing your files (along with your wallet.dat), accessing other processes' memory (yes, your encrypted wallet), or even deleting your hard drive. Here are the alternatives: 1) Sending the password encrypted to the browser. That would accomplish nothing since there's still a 1-to-1 relationship of encrypted to cleartext. 2) A static session ID. Again, if someone got a hold of your session ID they would be able to access your account. 3) A dynamic session ID that changes on every request. Would make it a bit harder but the end result is the same. Since the password is dynamically generated and I don't allow you to change it, it acts as a unique ID. This is not Gmail, this is not a banking website. It's a game with loginless "accounts".
|
|
|
|