Yeh site down.. but the connection to chat/gambling is still working, so anyone who had PRC still open is still online  Is there traffic at poker tables these days? How many players on average?
AFAIK bit same as before. So frequently OFC with sometimes other games. Definitely can ask in chat for it too (most playing OFC start games like that every day.) |
|
|
|
|
I think you could get HH on request. So e-mail them and specify what you were playing. This request could take a couple weeks though (because they need to manually "render" it), but they used to do this AFAIK.
App doesn't save logs.
|
|
|
|
profit took a hit today.  Yeah  invested up to ~700 though  |
|
|
|
|
Or they still saw your/others signature which is still actively promoting a scam :\
|
|
|
|
|
I would assume this could be a stream socket between the 2 servers so it's only 1 connection. I am not an expert in that, but if you optimize it I am sure you can make it very quick. But yes, still that would be a disadvantage / technical challenge.
|
|
|
|
Aww he is mad at PRCDice cuz some guys over there figured out he was cheating the users Then now he doesn't recommend PRC, a site that has been online for ~18 months, cuz it doesn't look as fancy as his scam site. Either way recommending or complaining about another site seems completely irrelevant and inappropriate, after obviously someone just won a lot of BTC by using the server seed. Maybe replying a bit more on that and a bit less on others. |
|
|
|
That screenshot is just some ppl trolling in PRC chat with manl/gerry usernames  (muted btw quickly after that) Will be interesting to see what they will really say though.. if anything :\ |
|
|
|
|
To make it more fair for the players, we now skip losing nonces for specific players, have fun mateo!
|
|
|
|
The audit server gets only hashed data and gives a random seed. It cannot calculate the outcome because the client/dice server - seeds are still hashed. Let's have an example My roll on PRC: 8892974 NLNico 19:46 0.00000001 ฿ 33x <3.00 25.23 -0.00000001 ฿ client seed:
nico532523
nonce:
44
server seed hash:
DC8715EAFD90D3FD5E80C071D105F0E07EDC7E3D78C561B1CFEC706CC768D13C9C508A42D8805D4 B1A30485EF0690C88068411E29AFBA8A7592E6F34DB517685
server seed:
tZ2TmS0u4m6v7XXpHj0wpFesp6q/0bgk1UnscBTs+xP8nZ7tYwx2Z0JS857eZnEwgDWY9BYXnZXb99V9o7hrVHY= They use "n:s:n, n:c:n" in a HMACSHA512 function, so the hash is: 3d97495c452f2d603436606a64004944f66a3102df44c4d483cb3372ea83ff973c37e8b3fd8f9aa aa8c23bd8f8f1e60ae517b1d6033759c785a2e3bc34c036d4 3d974 = 25.2276 = correct So what would happen is that the audit server generates a random seed and gives the SHA512 hash to the player (or dice site who forwards it to player) Audit seed hash (to verify it afterwards): 49EAE442D9C93E30511BF4F36CA929C2B8AB94E5E9712B4DCBFE449658DFAFA50E9C2F69F0D74BCC4EBA3A5EFB541B4F5D2614B33DBDDB5214BEABD596DBE9C6 The dice site gets all the info of the roll, hashes it and sends it to the server + bet ID, for example: betid and SHA512(betid:amount:chance:serverseed:clientseed) 8892974:0.00000001:L3.00:tZ2TmS0u4m6v7XXpHj0wpFesp6q/0bgk1UnscBTs+xP8nZ7tYwx2Z0JS857eZnEwgDWY9BYXnZXb99V9o7hrVHY=:nico532523 = 5A18C5626F0960DDE3BE761FD35F496D769529107AA6917496782A8DF1CC68785B237193C5E53F7EF255963AC7A236836892C717582360B3A018D36F085D115C and 8892974 Audit server saves this information and sends back the seed: Calculation now will be "n:s:n:a:n, n:c:n" in a HMACSHA512 function (s=server seed,a=audit seed,n=nonce,c=client seed) and the outcome can be calculated. This can all happen within 0,1 second. What will we get from this: 1) Audit server gets only hashes so cannot calculate the outcome. 2) Dice site cannot calculate the outcome in advance. Also the audit site will have a list of all rolls + IDs. If any bet ID doesn't match the HASH of the dice site > there is a problem. In theory you could get all the hashes of all today's bet and make one SHA512 code of it and the dice site can do the same. If they don't match 1 of the bets have not been executed or is manipulated. 3) For the player there is not that many changes. Generally players don't like a seed that changes every roll because in theory the server could change this based on martingale strategies etc. I am not sure how this could be fixed the best. 4) For the investor, he can check if all the bets are really made and if he trusts the audit server he knows none were manipulated. It does require less trust though(!) because 2 people need to "be scamming" together instead of only the dice site owner. Also in case of a hack, they cannot really abuse the server seed. |
|
|
|
|
If you have 5 different players, you will only need 1 fake player's seed. The owner can just loop through seeds for this fake player to find a seed that gives the "right" outcome. So that would not proof anything extra, "better yet" it creates possibilities for the owner to scam normal players (non-investors) - (make a "fake bet" after 4 bets of a big bet, so you can modify that seed to make the big bet lose)
Therefor it needs to be an external extra seed, from an audit server that doesn't work together (hopefully) with the owner (this server can give the hash of the seed in advance to the player so he won't be cheated). Or an external site that could create random data (like Twitter) where it must be important that specific future information will be included and it has a lot of information so it cannot be manipulated.
|
|
|
|
|
Well for the problem the dice site needs to publish the hash of the info (including bet ID, amount, nonce, chance, seeds) before it is able to calculate the result, get an extra seed after that, then to calculate the result. It would be not possible to change any seed or amount/chance because it was published before it could calculate the outcome.
The extra seed cannot be from the server or the player(s) because in the "fake whale" situation these are the same. It would be fairly easy for a dice site owner to generate 3-5 fake bets from "different players" to generate a winning big roll.
|
|
|
|
That is an interesting approach. The problem in solutions like that is that you cannot really let the dice owner decide which tweets are included (otherwise you could include/exclude the last tweet to change the outcome - assuming every micro/millisecond-second tweets appear.) So I guess it would work like this: - dice site publishes hash of bet info (ID, client/server seed, amount, change, nonce) in advance - same as "audit server idea" + a timestamp and timestamp in future of + 1(?) second (or not timestamp but ID + future ID if consecutive.) - get tweets specifically from that timestamp to future timestamp - make hash of it - use it for calculation This could be done all in 1-2 seconds (I think ) Potential problems: - Have to make sure that the "future timestamp" is really in the future, otherwise dice site can choose which tweets to include. And with +1 second it will be hard for the investors (and even players in this case!) to verify that this doesn't happen for any bet. Perhaps users could setup their own server to accept this data so you can really log and verify it with your own server time etc. If 10 users get this data real-time and verify it, I guess it could work and is better than 1 audit server. In theory you could do this even client-side I guess so all online users verify it in real-time mm. - Twitter firehose seems pretty exclusive, but I understand that was just 1 example |
|
|
|
Hello, I am aware that current off-chain dice sites are provably fair for the users (if implemented correctly) but not really for the investors. This means if anyone (for example dice site owner or hacker) has the server seed they could fake bets (adjusting the server/client seed/amount/hi-lo/etc) to make sure they can win. I am wondering if there could be theories or methods to make this risk lower or a method so the investors would need less trust in the site owner for the "fake whale problem" and "hacker has server seed problem". Only thing I could come up with is a third-party audit server. Basically: Dice site sends hash of: (bet ID, client/server seeds, nonce, chance, amount) in advance to audit server, audit server returns extra seed. Audit server only has hashed server/client seed so doesn't know outcome. Final result will be calculated with that extra seed so in advance dice site doesn't know outcome. Afterwards everyone could verify all bets to see the dice site didn't change the server seed to a winning one. Or if there are any missing bet IDs or changed amounts. So: - House cannot cheat with "fake whales" (as long as you trust audit server.) - Hacker that can get the server seeds will have to hack the audit server too, therefor this is less likely to happen. Important: - This only works if the dice site and audit server are from different persons and don't work together. So it still requires trust. Also it only focuses on this specific "abusing server seed" problem, not stealing the BR etc. Notes: - For performance it requires an extra external request per bet, although this should be possible. - Transparency is important, should be easy for investors to verify. For example a weekly output of all bets from both the dice and audit servers + script to verify. Or more easy: dice+audit could both generate a hash of all info in same format of today's bets, then compare if it's the same. - The user probably wants the hashed audit seed in advance, but this could be possible I think. A trust-less, decentralized method would be better, but the bet results should be ready in 1-2 seconds and I think that will be difficult that way. Would be cool if someone has ideas for that though. I expect the reply to this will be "not worth it since it's still not 100% proof." But still I am interested in alternative ideas or if this idea would be reasonable and at least better for investors? And if there is a flaw in my theory (besides trusting audit party to not work together), please tell me :> edit: I think this would btw also work for sites that skip nonces, but that was not my intention or goal. edit2:  |
|
|
|
i still dont get this.
why is skipping nounce such a big issue? can't the dev just fix the code and get back to normal?
dice game is all random anyway.
The nonce is part of the calculation for the result ("the number you roll".) They were skipping nonces that would have resulted in a winning result, so players lose much more than they should. That is definitely a big issue |
|
|
|
Thank you if you have any problem modifying it in your design don't hesitate to PM me. |
|
|
|
Just email them at support@sealswithclubs.eu 0.005 is nothing for them, I am sure they didn't scam you, it might be a technical issue. |
|
|
|
I have always been interested in this too. SwC uses www.voxility.com although they don't offer small VPS options. AFAIK, JD used Amazon AWS in Ireland. Most use at least CloudFlare which could hide the hosting provider for most people (for example primedice.com uses that.) At least don't use anything in USA There are also other threads on this forum if you search on "site:bitcointalk.org vps gambling" or something like that. Be aware that there are some VPS providers that accepts Bitcoin as payment and gambling sites, but personally I have trust issues for them. I assume that a VPS provider can see the source of your website and if they know a lot about Bitcoin and Gambling sites, it just feels like they are more likely to have a good look at your source/server seeds etc. I am not sure if there has been a Bitcoin site that has been "hacked" by the hosting provider or something like that. But it feels more risky to me. |
|
|
|
|
Weekly is fine I think. Probably also on site for those who are not here (maybe both)?
|
|
|
|
"They", to be honest I think it's just "he", did say a few things about it: Providing for our current customers is key priority, not gaining new sign-ups. If you think we are shady, then don't bother. Any new bitcoin mining company who provides all the information you are asking for is just asking for trouble. No thanks. Scam accusations are welcome, but we will continue to provide our service to our customers as we have been. I won't address this issue any longer because this will be a losing battle no matter what I say. Thanks.
We do not want to violate our sales agreements and there are other issues which may put our entire operation and customers at risk. We will not put our operation at risk, violate sales agreements with our suppliers, open ourselves up to extortion, etc. The list goes on. When we feel more secure, we will become more transparent. Our stance on this topic has not changed since page 33 of this thread.
In January we made a lot of mistakes with our security, and just as we started releasing too much information about our business we just about got fried. We are not going to let that happen again.
Our identity WAS revealed to the public at one point, actually, and we ended up retracting our transparency due to some disturbing events which occured. Our stance on the subject has not changed. We stand strong to protect the identities of our employees and to protect this operation. As we continue to heighten our security, we will gradually become more transparent again. I find it hard to believe that a photo of their operations would violate sales agreements. Sure they might not be allowed to disclose a cheaper price if they get the hardware discounted, but just a photo..? How about giving a list of BTC payment addresses from the pools they use, instead of the mixed ones. I can't imagine how that affects their security, identity, sales agreements or anything? |
|
|
|
|
Show Posts
