|
90% of the time, it works every time.
|
|
|
|
Yeh, I could agree with that. Although on a "traditional affiliate network" upon canceling of the "affiliate agreement" existing customers wouldn't generate affiliating revenues anymore either. And with that domain he wouldn't get any revenue ever at all to begin with. But again, obviously there were no "official terms" here. In the end I am not completely agreeing with Dean btw since there were no official terms. Just saying I cannot blame him either. Hope that makes sense xD Overall this is BTW about such a small amount (0.01 or less?) that it is just a bit silly  |
|
|
|
|
Lol KOS, the "expert scammer", did you pay the 2 BTC back to BigBitz yet? Or you still talking BS about "USD value" on a BTC loan?
1. Dooglus have been given a 1 BTC bounty. I would agree this should have been sooner, but "ah well".
2. In the "real world" as you like to state it, affiliation networks have a long list of terms, this almost always includes:
- Cannot use brand name or typos of it in URL
- Cannot use brand name or typos of it in paid search
- Website/blog have to register to the program, after this the website/blog is checked/reviewed if it "fits their brand". If accepted, the website/blog can be removed from the program later for any reason (this would probably include calling the website a scam, etc.)
- And many other terms.
I don't know how many websites you had before and how many affiliation networks you joined, but I can promise you these are very normal terms. Of course officially there were no terms here, so in theory the "website/blog" (BAC) can do what he wants, but in theory PRC can also do what he wants, I guess.
Personally I would pay BAC just to get no drama. But considering: BAC got the affiliates with a domain with his "brand name", he said on that website PRC is a scam and he is now redirecting that site to a competitor.. I personally cannot really blame Dean for not paying BAC. Obviously clear terms would have solved this issue in the first place.
Besides all this, and this is not personally meant about BAC, but I BTW think those "domain dealers" are the lowest of the "legal internet business world". Reminds me of a former classmate who registered expired domains from local (non-profit) sport clubs and then demanded 500 euro for it. IMO that is just wrong and my classmate could better spend time in actually creating websites. But I guess my classmate was not really good in that. "Officially" there is probably nothing wrong with it (actually if the company is registered it is very questionable.) And obviously in this case it is a stupid mistake to not register that .com in the first place.
3. finnile demanded the bounty "now" before it was fixed. No bug bounty program would give you a bounty before it's fixed. It doesn't work that way. Since finnile didn't want to follow normal bug bounty procedures, he didn't get paid. His mistake, not Dean's mistake.
|
|
|
|
Guys, this is not just for gambling, but for every transaction you have, it is always best to send or receive to a completely brand new bitcoin address.
Don't give the nooby cheaters advice !  |
|
|
|
Their hosting provider has some problems at the same time: 1 min ago - Starting at 19 Nov 2014 00:52 UTC we are experiencing a connectivity issue to multiple Azure Services, including Storage, Websites, Azure Search, Azure Cache, Management Portal, Service Bus, Event Hubs, Visual Studio, Machine Learning, HDInsights, http://azure.microsoft.com/en-us/status/?rnd=1So the cause seems pretty obvious, no worries  PRC is indeed the largest crowdfunded website, you can see statistics on my site www.dicesites.com including % amount of cold wallet (to make it very likely the investor funds are really in an address controlled by PRC.) Currently: Bankroll: 1,698 BTC Cold wallet: 1,632 BTC (96%) |
|
|
|
Yes. Potentially a DDoS attack I guess. edit: correction: 1 min ago - Starting at 19 Nov 2014 00:52 UTC we are experiencing a connectivity issue to multiple Azure Services, including Storage, Websites, Azure Search, Azure Cache, Management Portal, Service Bus, Event Hubs, Visual Studio, Machine Learning, HDInsights, http://azure.microsoft.com/en-us/status/?rnd=1 |
|
|
|
so i think i might have some good news! Well.. how about you share it? |
|
|
|
|
Well the discussion of vulnerability related things on dice sites and the theoretical possibility of cracking the PD server seeds seemed relevant enough (today.)
But, after that last post I was not planning to reply anymore and agree the last few posts were a bit too much offtopic, sorry guys :p That's it.
|
|
|
|
Ps I'm one of bikinidice developer Ah, this explains it. Just stay stubborn and keep making silly statements. That's it. I do not expect you to understand this. So, do not worry. |
|
|
|
@NLNico Yes it's difficult but not impossible.
Lol? So we can just stop with the whole bitcoin system I guess? Since it's also theoretically possible to crack private keys etc. You understand his statement " we use per-roll against brute-forcing" was silly, right? |
|
|
|
Part of fixing the issue is forcing all accounts to set a new seed pair, in an hour expect to be prompted to set a new pair.
We (bikinidice) change server seed every rool. That's isn't very pretty for player (need to check every time his pair to make sure of our fair system) but we need to protect our investors coin. Sites like bikinidice which pick a new server seed for every roll are a real pain to play on for the paranoid gambler. In order to be sure that the rolls are fair, you have to make a note of each new server seed hash, and then pick a new random client seed as well - for every roll - and then verify the rolls afterwards, too.
If any player force the sha256 server seed is a BIG problem. Yes it's difficult but not impossible. Lol? I think if you had some coin of other player you need to take more care than a "lol" Yeh, definitely. But just the fact that he, as a dice site operator, thinks brute-forcing is a problem with a long enough seed is pretty funny. Let's do some maths. PD uses 26 lowercase letters and 10 numbers in their seed, so 36 different characters with a length of 64 characters. So 36^64 = 4011991914547630480065053387702443812690402487741812225955731622655455723258857 248542161222254985216 different seeds. The bitcoin network calculates double SHA256 hashes with a speed of 297,275,048.09 GH/s. So 297275048.09*1000000000 = 297275048090000000 double SHA256 hashes per second (pretty impressive right?), and single SHA256 would therefor be 297275048090000000*2= 594550096180000000 hashes per second. This is 594550096180000000*60 (seconds) *60 (minutes) *24 (hours) *365 (days) = 18749731833132480000000000 hashes a year. However, it would take: 4011991914547630480065053387702443812690402487741812225955731622655455723258857 248542161222254985216 / 18749731833132480000000000 = 213975962443264184927319954831658656345664031820000000000000000000000000000 yearsto calculate all the original seed-hash calculations of PD with the power of the entire bitcoin network. So yes. I do think it's funny that he thinks this is a serious threat or that he thinks he is "protecting his players/investors" by having a "seed per roll" system. He is actually quoting a message of October of dooglus just to say " see dooglus, this PD hack is exactly the reason why we have hashes per roll, so we cannot have teh damn brute-forcers". I kinda assumed or hoped that was a joke or something, hence the " lol?". Don't get me wrong. A dice site can have many problems / server-seed leaks, to name a few: - Any SQL injection or code execution or things like that to get to the database with the seeds. - Any other way of "leaking" the un-hashed server-seed (probably what happened here - personally I am curious for the later update with hopefully some technical details) - Running in a shared hosting or VPS environment with a bad hosting employee. - Not separating nonces / client seeds, like BikiniDice was planning to do ( like I pointed out here) - Having a predictable random generator so the server seeds could be predicted (BikiniDice seems to use the PHP rand() function, so I hope the server seed is generated more randomly than that) - Any other algorithm flaws, like PRC had many months ago with getting the "next character" instead of "next set of 5" thing. - If your "server seed" is actually not that long, brute-forcing is a problem. - And obviously any other normal security issues like XSS, CSRF, etc. Nothing bad towards BikiniDice though, I really like the trollish-internet-concept. Just thought it was a silly statement to make. Ps, I am not that good in math, if there is a problem please correct me, but the idea is clear I think. |
|
|
|
Part of fixing the issue is forcing all accounts to set a new seed pair, in an hour expect to be prompted to set a new pair.
We (bikinidice) change server seed every rool. That's isn't very pretty for player (need to check every time his pair to make sure of our fair system) but we need to protect our investors coin. Sites like bikinidice which pick a new server seed for every roll are a real pain to play on for the paranoid gambler. In order to be sure that the rolls are fair, you have to make a note of each new server seed hash, and then pick a new random client seed as well - for every roll - and then verify the rolls afterwards, too.
If any player force the sha256 server seed is a BIG problem. Yes it's difficult but not impossible. Lol? |
|
|
|
|
1Fcn7M1AjgA9RFPm59RqiTCCD6tKKS5vN9
Thanks!
|
|
|
|
wow this is crazy, would love to see ur argument for it not being rigged
Do you understand how a dice game and provably fair works? First try to understand that, then reply again. If you have the server seed you can obviously know all the outcomes, that is what happened. That has nothing to do with "being rigged". |
|
|
|
Stunna: that's called playing with an unhashed seed lol
Stunna: anyone who thinks the site is rigged or what not just doesn't understand fairness, he abused an exploit
Stunna: Muzzis, this has nothing to do with fairness, if you want to fling accusations go ahead. We'll post a statement about what happened Wondering: did that Huffle guy or anyone else used the same exploit? Did "Robbinhood" cashed out anything? GL fixing it. |
|
|
|
|
Thanks for confirmation of that. I guess I will not login on my Blockchain wallet until this is solved or something (just to be sure.) Good luck.
|
|
|
|
Check: - 1 of your public addresses, see if you balance is still there :X - URL (so many Blockchain phishing sites, although LastPass should not work on phishing sites) - Alias / Identifier (sometimes you have to confirm the device thru mail with alias) - Connection (I am pretty sure Blockchain can be strange when the connection is not so good) - 2FA (I obviously assume you do not have 2FA? But if you do, check it. If you don't have > add next time) - History of passwords (LastPass saves previous used passwords, maybe you have some Blockchain account mixed up) - If nothing works, check for a backup (most times they send it thru mail) What error (if any) do you get anyway? |
|
|
|
Als je een mooi prijsje kunt regelen, wil ik er ook wel een overwegen. Hoor het wel  |
|
|
|
|
Show Posts
