Bitcoin Forum
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Author Topic: BetterBets.io - NOT provably fair  (Read 3300 times)
RHavar
October 03, 2016, 06:17:18 PM
 #41

This was resolved, I'm sorry for any confusion it may have caused some players. To our competitors, our team has never in over a year tried to find flaws in your sites nor detract from your business or hurt your image. I hope to see similar respect in the future.

Classy. Your site wasn't provably fair (due to an oversight), and thanks to the OP's discovery now is. But instead you are blaming "competitors" and not offering the OP at least a little bounty.

this issue just limited a user to 2 billion seed combinations versus 4 billion seed combinations

Actually, this would've allowed the casino to completely control with 100% certainty if the bet was going to be high or low. I don't believe this was ever used to cheat players and was a simple oversight (which does happen), but let's also not understate it. It was a very serious flaw.

Check out gamblingsitefinder.com for a decent list/rankings of crypto casinos. Note: I have no affiliation or interest in it, and don't even agree with all the rankings ... but it's the only uncorrupted review site I'm aware of.
dantanas
October 03, 2016, 06:38:48 PM
 #42

That sucks, and will lose confidence in betting.
JackpotRacer
All Games incl Racer and Lottery game are Closed
October 03, 2016, 06:43:01 PM
 #43

Op was asking for a bounty and imo it is legit

lobos asked him not to publish it! why would he do this? he or BB should publish it immediately and fix it as they did anyway

lobos behaved in a very unprofessional way

why would wealthy need to ask lobos if they have their own coder? another good question is if lobos is also the coder for wealthy?


Wealthy bought a license for the BB code and their site will be updated tonight.

I read about it but may I ask you if you  lobos is also the coder of wealthy? why would they need to ask you to help to fix it? their coder could fix it as I understood it was just an easy mistake

is pokerowned the owner?

thx

Who is the owner is entirely their business.

As for why would they need to ask: have you ever tried to find a subtle bug in a large codebase? It's far from easy (although in this case it could have been done). And given the sensitivity of the issue, why would they not ask for confirmation on a codebase they don't know all that well ... it's the responsible thing to do IMHO.


now this is lobos wie er leibt und lebt back to the roots  Grin

just not to answer my questions like
if you are also the coder of wealthydice or if pokerowned is the owner of wealthydice

so I ask here @all who knows if @pokerowned is wealthy app owner? the app shows wealthydice as owner but pokerowned is handling the thread as his own app.

just for info someone described the bug
"At best this is a programming error and confusion between a signed and unsigned integer. Should have never made it onto a productive system"


Please check my Scam accusation against 👉 Blackjack.fun 👈 to be always up to date
                       👇🏿👇👇👇👇👇👇👇🏿
https://bitcointalk.org/index.php?topic=5474047.0
JackpotRacer
October 03, 2016, 06:59:44 PM
 #44

At best this is a programming error and confusion between a signed and unsigned integer. Should have never made it onto a productive system. I suspect that they have been fair and not used this to con their users - but saying that I wouldn't use the site until the matter is cleared up. Good spot - it shows that it is good to do your homework. I'm sure the devs will be happy you found it if they are legitimate.

very well said!!!

but how can one explain that this happens to a coder like lobos? I know everything can happen but his behavior tells otherwise or he does not like to confirm own mistakes = sad

Unfortunately, it's an easy mistake to make - this kind of thing can happen when a programmer tests his own work - it's always better to get external testers involved. I work with a lot of programmers and a lot of them very rarely admit to making errors even if they are very clear.

thx for explaining and imo one year or more and no one saw it and not the owners and dev? all can happen and I don't point my finger at BB or MP as all is possible

interesting would be if MP pre owner RyanHavar could tell or confirm if it was already when he owned it




This was resolved, I'm sorry for any confusion it may have caused some players. To our competitors, our team has never in over a year tried to find flaws in your sites nor detract from your business or hurt your image. I hope to see similar respect in the future.

there is only one competitor in this thread. and yes you tried once to hurt our image you just did not succeed

you and everyone is welcome to search our site for flaws. we even invited the OP to check us out

IMO the OP was helping and not hurting you nor MP but lobos reaction and handling was unprofessional and suspicious. your mistake gave actually the option to think that MP could be involved and that means that your mistake was hurting MP owners now and before when RH was owner. IMO MP owners and pre owner would never try a cheat and kill their business

please dont forget to check our site for flaws but we need more time to fix it cause we dont have a coder right now

what we can learn is that the best way is straight forward if someone finds a bug or flaw and especially if it is a provably fair bug.


BetterBetsDev
October 03, 2016, 07:42:48 PM
 #45

now this is lobos wie er leibt und lebt back to the roots  Grin

Natuerlich, had jij iets anders verwacht?  (to keep things linguistically interesting)

just not to answer my questions like
if you are also the coder of wealthydice or if pokerowned is the owner of wealthydice

I am the guy who provided the codebase, set it up for them and explained how things were structured. They did the reskinning themselves and I don't know who exactly did it (and I don't really care). They change some stuff on their own but ask me for advice on stuff which can affect betting and some of the more complicated logic, etc.

Does it even matter? They run their site and we run ours.

so I ask here @all who knows if @pokerowned is wealthy app owner? the app shows wealthydice as owner but pokerowned is handling the thread as his own app.

I don't quite understand why you're so interested in knowing who the WD owner is. All I can say is this: I've never heard the alias "pokerowned" before but then again, I don't really follow all the stuff going on in this scene.

just for info someone described the bug
"At best this is a programming error and confusion between a signed and unsigned integer. Should have never made it onto a productive system"

Correct. And it happened and it's my fault. There was no ill-will or intention to scam behind it. Software is a complex business and bugs happen.
JackpotRacer
October 03, 2016, 08:29:40 PM
 #46

This was resolved, I'm sorry for any confusion it may have caused some players. To our competitors, our team has never in over a year tried to find flaws in your sites nor detract from your business or hurt your image. I hope to see similar respect in the future.

Classy. Your site wasn't provably fair (due to an oversight), and thanks to the OP's discovery now is. But instead you are blaming "competitors" and not offering the OP at least a little bounty.

this issue just limited a user to 2 billion seed combinations versus 4 billion seed combinations

Actually, this would've allowed the casino to completely control with 100% certainty if the bet was going to be high or low. I don't believe this was ever used to cheat players and was a simple oversight (which does happen), but let's also not understate it. It was a very serious flaw.

He was offered a bounty and then when it wasn't what he wanted blackmailed us. You can defend him though it doesn't come as a shock. We can debate this off forums, unlike what you seem to think, these type of discussions make zero business sense to do publicly and are rarely ever public with a traditional company. Unless of course there's an ulterior motive behind it.

yes sure thing as always go private on skype and talk things out in the dark instead here where it should be discussed

why did the OP ask you for a bounty? cause you did not offer one and he should get a nice bounty from BB and MP


JackpotRacer
October 03, 2016, 08:52:58 PM
 #47



I don't quite understand why you're so interested in knowing who the WD owner is. All I can say is this: I've never heard the alias "pokerowned" before but then again, I don't really follow all the stuff going on in this scene.


hi lobos

thx for the visit ich habe mich sehr gefreut

not sure though if you were looking for any flaws or just stopped by to visit us today

the WD thread is here in case you didnt see it yet and it is handled by @pokerowned
https://bitcointalk.org/index.php?topic=1609876.0

and btw I am sure that you know who @pokerowned is or was.

BetterBetsDev
October 03, 2016, 09:00:06 PM
 #48

and btw I am sure that you know who @pokerowned is or was.

I have no idea and couldn't care less. And that's the end of that.
dooglus
October 05, 2016, 02:08:14 AM
 #49

I have no idea and couldn't care less. And that's the end of that.

I was trying to explain to OP that the 2^31 limit on the client seed was probably a result of the maximum value that could be stored in an integer in the language you were coding in rather than a deliberate attempt to cheat your players.

Something as simple as:

Code:
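#include <stdio.h>

int main(void) {
  int x = 2147483647;  /* INT_MAX for a 32-bit int */
  printf("x = %d\n", x);
  /* signed overflow is undefined behaviour in C; on typical
     two's-complement builds it wraps to INT_MIN */
  printf("x+1 = %d\n", x+1);
  return 0;
}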

which outputs:

Code:
x = 2147483647
x+1 = -2147483648

demonstrates the issue with ints in C for example.

You remember C? It was invented around the time I was wearing diapers but you were already wearing big-boy pull-up pants.

JackpotRacer
October 05, 2016, 05:16:26 AM
 #50


I was trying to explain to OP that the 2^31 limit on the client seed was probably a result of the maximum value that could be stored in an integer in the language you were coding in rather than a deliberate attempt to cheat your players.



does anyone know if this was the case? if yes that would sound actually good for the BB dev lobos and all involved parties if I understand dooglus explanation it would have been just a code language limitation

NLNico
DiceSites.com owner
October 05, 2016, 06:18:40 AM
 #51

I was trying to explain to OP that the 2^31 limit on the client seed was probably a result of the maximum value that could be stored in an integer in the language you were coding in rather than a deliberate attempt to cheat your players.

does anyone know if this was the case? if yes that would sound actually good for the BB dev lobos and all involved parties if I understand dooglus explanation it would have been just a code language limitation
Before this there was actually a similar issue that was indeed a server-side limit (I assume just MySQL INT limit), I mentioned this more than a year ago:

4) AFAIK you should allow the client seed to be a number in the range of 0 and 2^32-1. However you are saving it now as a signed INT which has a limit of 2^31-1. You should make it unsigned so the player can put the full range of numbers as client seed. In theory again MP could influence the outcomes with the information that the client seed will always be limited/low.

If I remember correctly they did fix that limit quickly so it allowed all client seeds (by manually changing.)

By that time clientseeds weren't generated in browser every bet (which was also part of my feedback):

3) IMO, you should generate a random client seed before every bet in the browser. If a player bets with the same client seed every time, in theory MoneyPot could give "next server seeds" based on their betting pattern. So if a player is betting high every time, they would give low numbers based on the same repeated client seed. I am not accusing MoneyPot of this AT ALL, RHavar seems a trustworthy person to me, but provably fair is all about not needing to trust the site owner.

So I assume they added that "automatic clientseed generation" after that (which is good) but unfortunately had this bug in it to not calculate in the full range (like RHavar mentions earlier in this topic.) TBH it is pretty silly to make the same mistake twice, but yeh mistakes happen I guess. Too bad I didn't really check that myself anymore by that time too (:




But anyway, it is fixed now and since it would require basically both MP and BB to cheat (based on bet patterns), I don't think that's likely at all and probably just an oversight indeed.

JackpotRacer
October 05, 2016, 07:02:13 AM
 #52

I was trying to explain to OP that the 2^31 limit on the client seed was probably a result of the maximum value that could be stored in an integer in the language you were coding in rather than a deliberate attempt to cheat your players.

does anyone know if this was the case? if yes that would sound actually good for the BB dev lobos and all involved parties if I understand dooglus explanation it would have been just a code language limitation
Before this there was actually a similar issue that was indeed a server-side limit (I assume just MySQL INT limit), I mentioned this more than a year ago:

So I assume they added that "automatic clientseed generation" after that (which is good) but unfortunately had this bug in it to not calculate in the full range (like RHavar mentions earlier in this topic.) TBH it is pretty silly to make the same mistake twice, but yeh mistakes happen I guess. Too bad I didn't really check that myself anymore by that time too (:




But anyway, it is fixed now and since it would require basically both MP and BB to cheat (based on bet patterns), I don't think that's likely at all and probably just an oversight indeed.

finally the right people are entering this discussion at least for me (dooglus & NLNico)

lets see if I understood what you explained. are you saying that this happened before with BB and you found it out? I understood they fixed/corrected it in those times. and then it appeared again just out of the blue?
I am asking because you said it is pretty silly to make the same mistake twice. but how can that happen again after it was fixed? I am not a coder and will not be in this life Smiley

let me also emphasize again that I never thought that RH or new MP owners would use this to their advantage. yes they could but it would kill their business in a second imo they are not stupid and not thieves. so there is no reason to attack me again as always (not that I am afraid of any attacks)

we love BTC and the Provably Fair option (& casino) and want to learn and understand and if people have patience we will understand (not many out there)

thx to NLNico & dooglus for chiming in


NLNico
October 05, 2016, 08:41:28 AM
 #53

They were 2 different mistakes, but same problem. One was server-side and one was client-side (that "re-generate button".) I noticed the server-side one which was quickly fixed, but the client-side problem was still there (and now fixed.) I am not sure if I simply didn't notice it or if it was "added" after that. Also the lack of getting a new clientseed after each bet seemed more serious to me....



So yeh.. I noticed that the site actually still doesn't generate a new clientseed after each bet right now :\ I am a bit surprised about that because I thought this would be fixed already after 1+ year. This still allows MP in theory to cheat. If I pick my client seed, for example "1,523,456,648" and make 10 low bets, MP can just give results between 602,552,164 - 2,771,510,647 and it would be a high result. Of course this would also allow a player to cheat if he tricks MP and makes a high bet instead of the "expected low bet". So it is not likely at all that casinos (in this case MP) cheat in situations like this ("based on previous plays".) Still it is a flaw in the implementation and should be fixed.

3) IMO, you should generate a random client seed before every bet in the browser. If a player bets with the same client seed every time, in theory MoneyPot could give "next server seeds" based on their betting pattern. So if a player is betting high every time, they would give low numbers based on the same repeated client seed. I am not accusing MoneyPot of this AT ALL, RHavar seems a trustworthy person to me, but provably fair is all about not needing to trust the site owner.

That being said. I still disagree with some fundamentals as discussed a long time ago: https://bitcointalk.org/index.php?topic=1065847.msg12015013#msg12015013 (basically: needs to generate the clientseed between every bet in the browser with cryptographically secure method.) I don't think you guys changed that yet (to for example RHavar's solution.) I also discussed it a bit at Rollin thread - they did change it after few days: https://bitcointalk.org/index.php?topic=687571.msg12122724#msg12122724 IMO the provably fair implementation is barely provably fair at this moment. So TBH I think that verification script isn't a high priority compared to that.

^ seems like I have to ask for this every 7 months :X

I actually just removed BB from my site now too (probably should have done that much earlier.) It's so easy to fix their provably fair implementation but I feel pretty much ignored. Sure, I still don't think AT ALL that MP cheats nor that BB is doing this on purpose. I understand it's hard to prioritize when most players don't really care (or understand those details.) But it should be our goals to have the best provably fair implementation as possible.

RHavar already gave a solution for it back in July 2015: https://bitcointalk.org/index.php?topic=1065847.msg12018096#msg12018096 The easiest solution is just calling that "new clientseed" function after each bet, takes literally 1 minute to implement.

RHavar
October 05, 2016, 04:56:30 PM
 #54

Nice digging up there NLNico  Grin


RHavar already gave a solution for it back in July 2015: https://bitcointalk.org/index.php?topic=1065847.msg12018096#msg12018096 The easiest solution is just calling that "new clientseed" function after each bet, takes literally 1 minute to implement.

Yeah, although I think step b) and c) are also very important. It's good for BB, as they can be sure their customers aren't getting cheated, and it's good for MP because it removes the ability for them to cheat so there's no doubt in anyone's mind. And I doubt it'd take more than 10 minutes, so it's pretty good bang-for-buck. One of the features I was planning on adding on MP but never got around to, was a "cheating" mode, where the server would attempt to cheat (e.g. give results that were not provably fair, try predict, use "bet stalling" ) and then I could test sites with server-cheating-mode enabled, and if the server was able to cheat without the site giving a warning (e.g. alert("We got a bet result that wasn't provably fair?!")   ) the site wouldn't be "certified" as provably fair.

BetterBetsDev
October 05, 2016, 05:55:03 PM
 #55

It were 2 different mistakes, but same problem. One was server-side and one was client-side (that "re-generate button".) I noticed the server-side one which was quickly fixed, but the client-side problem was still there (and now fixed.) I am not sure if I simply didn't notice it or if it was "added" after that. Also the lack of getting a new clientseed after each bet seemed more serious to me....



So yeh.. I noticed that the site actually still doesn't generate a new clientseed after each bet right now :\ I am a bit surprised about that because I thought this would be fixed already after 1+ year. This still allows MP in theory to cheat. If I pick my client seed, for example "1,523,456,648" and make 10 low bets, MP can just give results between 602,552,164 - 2,771,510,647 and it would be a high result. Of course this would also allow a player to cheat if he tricks MP and makes a high bet instead of the "expected low bet". So it is not likely at all that casinos (in this case MP) cheat in situations like this ("based on previous plays".) Still it is a flaw in the implementation and should be fixed.

3) IMO, you should generate a random client seed before every bet in the browser. If a player bets with the same client seed every time, in theory MoneyPot could give "next server seeds" based on their betting pattern. So if a player is betting high every time, they would give low numbers based on the same repeated client seed. I am not accusing MoneyPot of this AT ALL, RHavar seems a trustworthy person to me, but provably fair is all about not needing to trust the site owner.

That being said. I still disagree with some fundamentals as discussed a long time ago: https://bitcointalk.org/index.php?topic=1065847.msg12015013#msg12015013 (basically: needs to generate the clientseed between every bet in the browser with cryptographically secure method.) I don't think you guys changed that yet (to for example RHavar's solution.) I also discussed it a bit at Rollin thread - they did change it after few days: https://bitcointalk.org/index.php?topic=687571.msg12122724#msg12122724 IMO the provably fair implementation is barely provably fair at this moment. So TBH I think that verification script isn't a high priority compared to that.

^ seems like I have to ask for this every 7 months :X

I actually just removed BB from my site now too (probably should have done that much earlier.) It's so easy to fix their provably fair implementation but I feel pretty much ignored. Sure, I still don't think AT ALL that MP cheats nor that BB is doing this on purpose. I understand it's hard to prioritize when most players don't really care (or understand those details.) But it should be our goals to have the best provably fair implementation as possible.

RHavar already gave a solution for it back in July 2015: https://bitcointalk.org/index.php?topic=1065847.msg12018096#msg12018096 The easiest solution is just calling that "new clientseed" function after each bet, takes literally 1 minute to implement.

Hmm, we had that fixed at some point but it seems that code got lost during one of the bigger code merges I did. I'll fix all of this tonight.

My most humble apologies.
BetterBetsDev
October 05, 2016, 10:08:18 PM
 #56

It were 2 different mistakes, but same problem. One was server-side and one was client-side (that "re-generate button".) I noticed the server-side one which was quickly fixed, but the client-side problem was still there (and now fixed.) I am not sure if I simply didn't notice it or if it was "added" after that. Also the lack of getting a new clientseed after each bet seemed more serious to me....



So yeh.. I noticed that the site actually still doesn't generate a new clientseed after each bet right now :\ I am a bit surprised about that because I thought this would be fixed already after 1+ year. This still allows MP in theory to cheat. If I pick my client seed, for example "1,523,456,648" and make 10 low bets, MP can just give results between 602,552,164 - 2,771,510,647 and it would be a high result. Of course this would also allow a player to cheat if he tricks MP and makes a high bet instead of the "expected low bet". So it is not likely at all that casinos (in this case MP) cheat in situations like this ("based on previous plays".) Still it is a flaw in the implementation and should be fixed.

3) IMO, you should generate a random client seed before every bet in the browser. If a player bets with the same client seed every time, in theory MoneyPot could give "next server seeds" based on their betting pattern. So if a player is betting high every time, they would give low numbers based on the same repeated client seed. I am not accusing MoneyPot of this AT ALL, RHavar seems a trustworthy person to me, but provably fair is all about not needing to trust the site owner.

That being said. I still disagree with some fundamentals as discussed a long time ago: https://bitcointalk.org/index.php?topic=1065847.msg12015013#msg12015013 (basically: needs to generate the clientseed between every bet in the browser with cryptographically secure method.) I don't think you guys changed that yet (to for example RHavar's solution.) I also discussed it a bit at Rollin thread - they did change it after few days: https://bitcointalk.org/index.php?topic=687571.msg12122724#msg12122724 IMO the provably fair implementation is barely provably fair at this moment. So TBH I think that verification script isn't a high priority compared to that.

^ seems like I have to ask for this every 7 months :X

I actually just removed BB from my site now too (probably should have done that much earlier.) It's so easy to fix their provably fair implementation but I feel pretty much ignored. Sure, I still don't think AT ALL that MP cheats nor that BB is doing this on purpose. I understand it's hard to prioritize when most players don't really care (or understand those details.) But it should be our goals to have the best provably fair implementation as possible.

RHavar already gave a solution for it back in July 2015: https://bitcointalk.org/index.php?topic=1065847.msg12018096#msg12018096 The easiest solution is just calling that "new clientseed" function after each bet, takes literally 1 minute to implement.

Hmm, we had that fixed at some point but it seems that code got lost during one of the bigger code merges I did. I'll fix all of this tonight.

My most humble apologies.

OK, the client seed randomization error has been fixed. The way it works now is like this:

1) The client seed is regenerated using the code from Rhavar's gist after every roll.
2) In the event that a server error is reported, the code returns *before* reaching the client seed regeneration statement, leaving the client seed unchanged.

This also means that the "enter your favorite client seed" functionality is no longer applicable; this input field has been removed.

In closing, I would like to say the following:

1) Yes, I messed up. I had numerous personal issues over the past months (cancer case in the family, daughter catching severe pneumonia, etc.) and as a result work was not really on my mind.
2) While we have had these issues, I would like to state that no bet has ever been tampered with intentionally on our side and I'm 99.99999% (basically 100%) certain that this is also the case on the Moneypot side. So while the implementation was lacking, there never was any fraudulent activity which exploited the potential this issue offered.

My apologies for dropping the ball, it will not happen again.
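
Added example, not part of any post in this thread and not BetterBets, MoneyPot or gist code: it checks why the 2^31 client-seed limit discussed in posts #41, #49 and #53 mattered, and what the full-range regeneration described in post #56 restores. It assumes the outcome is (server secret + client seed) mod 2^32 with a low bet winning below 2,126,008,812, a model inferred from the figures in post #53; all function names are hypothetical.

```javascript
// Added example (not code from BetterBets, MoneyPot or RHavar's gist).
// Assumed model, inferred from the figures quoted in post #53:
//   outcome = (serverSecret + clientSeed) mod 2^32
//   a "low" bet wins when outcome < LOW_WINS_BELOW (49.5% of 2^32)
const M = 2 ** 32;
const LOW_WINS_BELOW = 2126008812; // ceil(0.495 * 2^32)

function outcome(serverSecret, clientSeed) {
  return (serverSecret + clientSeed) % M; // sum < 2^33, exact in a double
}

// Count of x in [0, a) with (x mod 2^32) < LOW_WINS_BELOW.
function countLowBelow(a) {
  return Math.floor(a / M) * LOW_WINS_BELOW + Math.min(a % M, LOW_WINS_BELOW);
}

// For one fixed server secret: how many client seeds in [0, 2^seedBits)
// make a low bet win. With a uniform seed this is the player's real odds.
function lowWinningSeeds(serverSecret, seedBits) {
  const n = 2 ** seedBits;
  return countLowBelow(serverSecret + n) - countLowBelow(serverSecret);
}

function lowWinProbability(serverSecret, seedBits) {
  return lowWinningSeeds(serverSecret, seedBits) / 2 ** seedBits;
}

// Full-range seed. `fill` is injectable for testing; the default is Web Crypto.
const defaultFill = (buf) => globalThis.crypto.getRandomValues(buf);

function newClientSeed(fill = defaultFill) {
  // Unsigned on purpose: an Int32Array or `value | 0` would turn every
  // seed >= 2^31 into a negative number.
  const buf = new Uint32Array(1);
  fill(buf);
  return buf[0]; // integer in [0, 2^32 - 1]
}

// Constructed stand-in for a seed generator that never sets bit 31
// (MINSTD recurrence; values stay in [1, 2^31 - 2]).
let lcgState = 1;
function constructed31BitSeed() {
  lcgState = (lcgState * 48271) % 2147483647;
  return lcgState;
}

// Audit a seed generator: every value must be an integer in [0, 2^32) and
// at least one sample must have the top bit set. A sound generator fails
// the second check with probability 2^-samples.
function auditSeedGenerator(gen, samples = 128) {
  let sawTopBit = false;
  for (let i = 0; i < samples; i++) {
    const v = gen();
    if (!Number.isInteger(v) || v < 0 || v >= M) {
      return { ok: false, reason: `value ${v} outside [0, 2^32)` };
    }
    if (v >= 2 ** 31) sawTopBit = true;
  }
  return sawTopBit
    ? { ok: true, reason: 'full 32-bit range observed' }
    : { ok: false, reason: 'no seed >= 2^31 seen: range is at most 31 bits' };
}

// With 31-bit seeds the player's odds depend on the server secret; with
// 32-bit uniform seeds they are 49.5% whatever secret the server commits to.
for (const [label, secret] of [['secret = 0', 0], ['secret = 2^31', 2 ** 31]]) {
  console.log(
    label,
    '| low wins, 31-bit seeds:', lowWinProbability(secret, 31).toFixed(4),
    '| 32-bit seeds:', lowWinProbability(secret, 32).toFixed(4)
  );
}
console.log(auditSeedGenerator(constructed31BitSeed));
```

The same count also shows why a seed reused across bets is a problem even at 32 bits: the odds are only independent of the server secret while the seed is fresh and uniform, which is what regenerating it after every roll provides.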
JackpotRacer
October 05, 2016, 10:14:44 PM
 #57

It were 2 different mistakes, but same problem. One was server-side and one was client-side (that "re-generate button".) I noticed the server-side one which was quickly fixed, but the client-side problem was still there (and now fixed.) I am not sure if I simply didn't notice it or if it was "added" after that. Also the lack of getting a new clientseed after each bet seemed more serious to me....



So yeh.. I noticed that the site actually still doesn't generate a new clientseed after each bet right now :\ I am a bit surprised about that because I thought this would be fixed already after 1+ year. This still allows MP in theory to cheat. If I pick my client seed, for example "1,523,456,648" and make 10 low bets, MP can just give results between 602,552,164 - 2,771,510,647 and it would be a high result. Of course this would also allow a player to cheat if he tricks MP and makes a high bet instead of the "expected low bet". So it is not likely at all that casinos (in this case MP) cheat in situations like this ("based on previous plays".) Still it is a flaw in the implementation and should be fixed.

3) IMO, you should generate a random client seed before every bet in the browser. If a player bets with the same client seed every time, in theory MoneyPot could give "next server seeds" based on their betting pattern. So if a player is betting high every time, they would give low numbers based on the same repeated client seed. I am not accusing MoneyPot of this AT ALL, RHavar seems a trustworthy person to me, but provably fair is all about not needing to trust the site owner.

That being said. I still disagree with some fundamentals as discussed a long time ago: https://bitcointalk.org/index.php?topic=1065847.msg12015013#msg12015013 (basically: needs to generate the clientseed between every bet in the browser with a cryptographically secure method.) I don't think you guys changed that yet (to for example RHavar's solution.) I also discussed it a bit at the Rollin thread - they did change it after a few days: https://bitcointalk.org/index.php?topic=687571.msg12122724#msg12122724 IMO the provably fair implementation is barely provably fair at this moment. So TBH I think that verification script isn't a high priority compared to that.

^ seems like I have to ask for this every 7 months :X

I actually just removed BB from my site now too (probably should have done that much earlier.) It's so easy to fix their provably fair implementation but I feel pretty much ignored. Sure, I still don't think AT ALL that MP cheats nor that BB is doing this on purpose. I understand it's hard to prioritize when most players don't really care (or understand those details.) But it should be our goal to have the best provably fair implementation possible.

RHavar already gave a solution for it back in July 2015: https://bitcointalk.org/index.php?topic=1065847.msg12018096#msg12018096 The easiest solution is just calling that "new clientseed" function after each bet, takes literally 1 minute to implement.

Hmm, we had that fixed at some point but it seems that code got lost during one of the bigger code merges I did. I'll fix all of this tonight.

My most humble apologies.

OK, the client seed randomization error has been fixed. The way it works now is like this:

1) The client seed is regenerated using the code from RHavar's gist after every roll.
2) In the event that a server error is reported, the code returns *before* reaching the client seed regeneration statement, leaving the client seed unchanged.

This also means that the "enter your favorite client seed" functionality is no longer applicable; this input field has been removed.

In closing, I would like to say the following:

1) Yes, I messed up. I had numerous personal issues over the past months (cancer case in the family, daughter catching severe pneumonia, etc.) and as a result work was not really on my mind.
2) While we have had these issues, I would like to state that no bet has ever been tampered with intentionally on our side and I'm 99.99999% (basically 100%) certain that this is also the case on the Moneypot side. So while the implementation was lacking, there never was any fraudulent activity which exploited the potential this issue offered.

My apologies for dropping the ball, it will not happen again.


interesting change of mindset! wonder why?

Please check my Scam accusation against 👉 Blackjack.fun 👈 to be always up to date
                       👇🏿👇👇👇👇👇👇👇🏿
https://bitcointalk.org/index.php?topic=5474047.0
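
The client-seed reuse problem and the per-roll regeneration quoted in the post above, as an added example that is not part of the original thread and is not RHavar's gist or the site's code. It assumes a 32-bit outcome computed as (server secret + client seed) mod 2^32 and a low bet that wins below 49.5% of the range, assumptions chosen because they reproduce the 602,552,164 to 2,771,510,647 range quoted above; the function names and the `placeBet` callback are hypothetical.

```javascript
// Added example. The combine rule and the 49.5% threshold are assumptions.
const RANGE = 2 ** 32;                              // 32-bit seeds and outcomes
const LOW_WIN_BELOW = Math.ceil(0.495 * RANGE);     // low bet wins below this

// Assumed combine rule: outcome = (serverSecret + clientSeed) mod 2^32.
function outcome(serverSecret, clientSeed) {
  return (serverSecret + clientSeed) % RANGE;
}

// Audit helper: for a client seed the server can predict, the inclusive range
// of server secrets that turns a low bet into a loss (wraps if from > to).
function losingSecretsForLowBet(clientSeed) {
  const from = (LOW_WIN_BELOW - clientSeed + RANGE) % RANGE;
  const to = (RANGE - 1 - clientSeed + RANGE) % RANGE;
  return { from, to };
}

// Mitigation: draw a fresh 32-bit seed from the platform CSPRNG.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;
function newClientSeed() {
  return rng.getRandomValues(new Uint32Array(1))[0];
}

// Hypothetical betting client. placeBet stands in for the site's bet API and
// returns either { error } or a result object.
function makeBettor(placeBet) {
  let clientSeed = newClientSeed();
  return {
    currentSeed: () => clientSeed,
    roll(bet) {
      const reply = placeBet({ ...bet, clientSeed });
      if (reply.error) return reply;   // no roll happened: keep the seed
      clientSeed = newClientSeed();    // roll settled: never reuse this seed
      return reply;
    },
  };
}
```

In a browser `globalThis.crypto` is `window.crypto`. Keeping the seed after a server error means the server has already seen it, so that path is only sound if the server's commitment for the next roll is unchanged when the bet is retried (assuming the usual commit-then-reveal scheme).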
JackpotRacer
October 05, 2016, 10:21:55 PM
 #58

They were 2 different mistakes, but the same problem. One was server-side and one was client-side (that "re-generate button".) I noticed the server-side one which was quickly fixed, but the client-side problem was still there (and now fixed.) I am not sure if I simply didn't notice it or if it was "added" after that. Also the lack of getting a new clientseed after each bet seemed more serious to me....



So yeh.. I noticed that the site actually still doesn't generate a new clientseed after each bet right now :\ I am a bit surprised about that because I thought this would be fixed already after 1+ year. This still allows MP in theory to cheat. If I pick my client seed, for example "1,523,456,648" and make 10 low bets, MP can just give results between 602,552,164 - 2,771,510,647 and it would be a high result. Of course this would also allow a player to cheat if he tricks MP and makes a high bet instead of the "expected low bet". So it is not likely at all that casinos (in this case MP) cheat in situations like this ("based on previous plays".) Still it is a flaw in the implementation and should be fixed.

3) IMO, you should generate a random client seed before every bet in the browser. If a player bets with the same client seed every time, in theory MoneyPot could give "next server seeds" based on their betting pattern. So if a player is betting high every time, they would give low numbers based on the same repeated client seed. I am not accusing MoneyPot of this AT ALL, RHavar seems a trustworthy person to me, but provably fair is all about not needing to trust the site owner.

That being said. I still disagree with some fundamentals as discussed a long time ago: https://bitcointalk.org/index.php?topic=1065847.msg12015013#msg12015013 (basically: needs to generate the clientseed between every bet in the browser with a cryptographically secure method.) I don't think you guys changed that yet (to for example RHavar's solution.) I also discussed it a bit at the Rollin thread - they did change it after a few days: https://bitcointalk.org/index.php?topic=687571.msg12122724#msg12122724 IMO the provably fair implementation is barely provably fair at this moment. So TBH I think that verification script isn't a high priority compared to that.

^ seems like I have to ask for this every 7 months :X

I actually just removed BB from my site now too (probably should have done that much earlier.) It's so easy to fix their provably fair implementation but I feel pretty much ignored. Sure, I still don't think AT ALL that MP cheats nor that BB is doing this on purpose. I understand it's hard to prioritize when most players don't really care (or understand those details.) But it should be our goal to have the best provably fair implementation possible.

RHavar already gave a solution for it back in July 2015: https://bitcointalk.org/index.php?topic=1065847.msg12018096#msg12018096 The easiest solution is just calling that "new clientseed" function after each bet, takes literally 1 minute to implement.

@NLNico thx again for the detailed explanation very much appreciated

I understand that RHavar's solution is the way to go and as you are saying it is a one minute job to implement it. how long will it last for a non coder like me? ( we have no coder right now )

is there a copy/paste option? I am very good in copy/paste Smiley

neochiny
October 06, 2016, 01:40:24 AM
 #59

~snip

is there a copy/paste option? I am very good in copy/paste Smiley

lol. My head was spinning with the 'codes talk' then I see this. So I say, me too!
Sorry for butting in on you guys' discussion but, I'm glad it's been fixed and all so,

What happens with OP? It was a good spot by him, he spent time and effort, tried to have this resolved privately but he was instead treated rudely/offensively. To the extent that he was even ridiculed and called a blackmailer.
Is this really how BB just gonna brush it off? An attempt to discredit OP and then downplay/trivialize the issue?

BB saves their reputation and OP doesn't even get a word of thanks, much less a reward. He gets taunted and scoffed at instead by some shills. Huh. Well played.  Undecided  Angry

JackpotRacer
October 06, 2016, 05:47:40 AM
 #60

~snip

is there a copy/paste option? I am very good in copy/paste Smiley

lol. My head was spinning with the 'codes talk' then I see this. So I say, me too!
Sorry for butting in on you guys' discussion but, I'm glad it's been fixed and all so,

What happens with OP? It was a good spot by him, he spent time and effort, tried to have this resolved privately but he was instead treated rudely/offensively. To the extent that he was even ridiculed and called a blackmailer.
Is this really how BB just gonna brush it off? An attempt to discredit OP and then downplay/trivialize the issue?

BB saves their reputation and OP doesn't even get a word of thanks, much less a reward. He gets taunted and scoffed at instead by some shills. Huh. Well played.  Undecided  Angry

yes it is no joke we had a coder who wanted to help and gave me some lines for our code to add (copy/paste) and he told me where to put it and I did it a few times already since we have lost our coder. we had 4-5 coders in the meantime they only wanted coins for nothing or one stole our game and opened a MP app and is still there and MP just let him do this instead of deleting his app (sad)

regarding BB I fully agree with you and I mentioned it before that the OP should get a bounty from BB and/or MP

and this arrogant dev lobos started out tough and arrogant without any reason against OP and dooglus and then came back and down on the floor and fixed it

