Bitcoin Forum
December 06, 2016, 06:06:16 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3] 4 5 »  All
  Print  
Author Topic: MyriadCoins.com - Make the bet you want  (Read 7067 times)
dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 13, 2012, 01:57:13 AM
 #41

Not wanting to risk it, I clicked the banner to get a new hash, put my deposit address, changed the bets to 0.10 and 0.20, input my guess, copy/pasted the hash into a text editor and hit 'place your wager'.  Again it told me something had been tampered with.

I tried again, and again got the 'tampered with' error message.

I tried a 4th time, not copy/pasting the hash, and that time it worked.

Then when I tried a 5th time, trying to find out if I could narrow down exactly what caused the problem, it told me it was sick of me and that I should go away.  Or something.

("Too many outstanding games from your IP address. Please pay for a game or wait for one to time out")

Can I find a list of outstanding games, so I can pay for one?  Is it safe to pay for the "tampered with" ones?

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481047576
Hero Member
*
Offline Offline

Posts: 1481047576

View Profile Personal Message (Offline)

Ignore
1481047576
Reply with quote  #2

1481047576
Report to moderator
1481047576
Hero Member
*
Offline Offline

Posts: 1481047576

View Profile Personal Message (Offline)

Ignore
1481047576
Reply with quote  #2

1481047576
Report to moderator
1481047576
Hero Member
*
Offline Offline

Posts: 1481047576

View Profile Personal Message (Offline)

Ignore
1481047576
Reply with quote  #2

1481047576
Report to moderator
notme
Legendary
*
Offline Offline

Activity: 1526


View Profile
June 13, 2012, 02:03:53 AM
 #42

Before the game is recorded in the DB, it the hash is recomputed to make sure everything matches up.  If the recomputed hash doesn't match the displayed hash, you get the tampering error.  I'm having a hard time imagining how what you've described happened.  If you open another tab with a new game, it can mess up the site's guess/salt that is stored in the server-side session, but then refreshing wouldn't have fixed it.  Was this a fresh game, or had it sat around for a while?  Was it submitted previously and had a different error?  Was there anything else you did that might provide a hint?

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
notme
Legendary
*
Offline Offline

Activity: 1526


View Profile
June 13, 2012, 02:07:10 AM
 #43

No wanting to risk it, I clicked the banner to get a new hash, put my deposit address, changed the bets to 0.10 and 0.20, input my guess, copy/pasted the hash into a text editor and hit 'place your wager'.  Again it told me something had been tampered with.

I tried again, and again got the 'tampered with' error message.

I tried a 4th time, not copy/pasting the hash, and that time it worked.

Then when I tried a 5th time, trying to find out if I could narrow down exactly what caused the problem, it told me it was sick of me and that I should go away.  Or something.

("Too many outstanding games from your IP address. Please pay for a game or wait for one to time out")

Can I find a list of outstanding games, so I can pay for one?  Is it safe to pay for the "tampered with" ones?

Here's a list of unpaid hashes with the same payout address as the one hash you posted:

521b684fc9e8f31020c35ed15d25e07fe7f0c2881970769b616acab41fdacb6f
135f4c3a60b4d8c8fe5215e48c517cac5652cb47c9022b8e67b058d79761c191
e94182f8f76f6ae7b8351efe45580eb40b9d59c8b6b7efea442aa784e43d1222

Yes, it is safe to pay for the tampered ones.  The games look to be fine on the server side.  Still, we need to figure out why this is happening.

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
notme
Legendary
*
Offline Offline

Activity: 1526


View Profile
June 13, 2012, 02:08:05 AM
 #44

Can you try a Ctl-F5?  We made some changes to the javascript and you might be caching an old copy.

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 13, 2012, 02:09:54 AM
 #45

Before the game is recorded in the DB, it the hash is recomputed to make sure everything matches up.  If the recomputed hash doesn't match the displayed hash, you get the tampering error.  I'm having a hard time imagining how what you've described happened.  If you open another tab with a new game, it can mess up the site's guess/salt that is stored in the server-side session, but then refreshing wouldn't have fixed it.  Was this a fresh game, or had it sat around for a while?  Was it submitted previously and had a different error?  Was there anything else you did that might provide a hint?

See my post immediately before yours.  I had the error happen 3 times in a row, on 3 different hashes.  The first time may have been over an hour old, I'm not sure.  But the 2nd and 3rd were newly generated.

I ended up sending BTC to the address it told me, and it worked fine.  But that may have been my 4th attempt, which didn't show the error.

Is it possible that my double-clicking the hash at the bottom of the game page then control-c'ing to copy it is causing something bad?

Quote
Here's a list of unpaid hashes with the same payout address as the one hash you posted:

521b684fc9e8f31020c35ed15d25e07fe7f0c2881970769b616acab41fdacb6f
135f4c3a60b4d8c8fe5215e48c517cac5652cb47c9022b8e67b058d79761c191
e94182f8f76f6ae7b8351efe45580eb40b9d59c8b6b7efea442aa784e43d1222

Yes, it is safe to pay for the tampered ones.  The games look to be fine on the server side.  Still, we need to figure out why this is happening.

It might be good to let the user see their list of unpaid games for themselves, and possible let them cancel them.  Otherwise they have to wait 2 (?) hours for them to expire if they create too many when playing around.  Unless there's a good reason not to, of course.

Quote
Can you try a Ctl-F5?  We made some changes to the javascript and you might be caching an old copy.
[/quote[

Will do.

notme
Legendary
*
Offline Offline

Activity: 1526


View Profile
June 13, 2012, 02:12:50 AM
 #46

Before the game is recorded in the DB, it the hash is recomputed to make sure everything matches up.  If the recomputed hash doesn't match the displayed hash, you get the tampering error.  I'm having a hard time imagining how what you've described happened.  If you open another tab with a new game, it can mess up the site's guess/salt that is stored in the server-side session, but then refreshing wouldn't have fixed it.  Was this a fresh game, or had it sat around for a while?  Was it submitted previously and had a different error?  Was there anything else you did that might provide a hint?

See my post immediately before yours.  I had the error happen 3 times in a row, on 3 different hashes.  The first time may have been over an hour old, I'm not sure.  But the 2nd and 3rd were newly generated.

I ended up sending BTC to the address it told me, and it worked fine.  But that may have been my 4th attempt, which didn't show the error.

Is it possible that my double-clicking the hash at the bottom of the game page then control-c'ing to copy it is causing something bad?

Quote
Here's a list of unpaid hashes with the same payout address as the one hash you posted:

521b684fc9e8f31020c35ed15d25e07fe7f0c2881970769b616acab41fdacb6f
135f4c3a60b4d8c8fe5215e48c517cac5652cb47c9022b8e67b058d79761c191
e94182f8f76f6ae7b8351efe45580eb40b9d59c8b6b7efea442aa784e43d1222

Yes, it is safe to pay for the tampered ones.  The games look to be fine on the server side.  Still, we need to figure out why this is happening.

It might be good to let the user see their list of unpaid games for themselves, and possible let them cancel them.  Otherwise they have to wait 2 (?) hours for them to expire if they create too many when playing around.  Unless there's a good reason not to, of course.

Quote
Can you try a Ctl-F5?  We made some changes to the javascript and you might be caching an old copy.

Will do.

We could possibly show the hashes for games from the user's IP, but those might not necessarily be their games.  We have no way of identifying individual users, other than possibly when they use the same payout address.

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 13, 2012, 02:19:21 AM
 #47

We could possibly show the hashes for games from the user's IP, but those might not necessarily be their games.  We have no way of identifying individual users, other than possibly when they use the same payout address.

I see.  I assumed you would be using a session cookie or something to track my activity on the site.

I tried control-f5 but it doesn't seem to do anything at all.

I monitored the squid logs when I hit control-r, f5, etc.  Here's what happened - it seems to be the same for each, except for control-f5 which as I say did nothing:

I notice that control-shift-r gives different messages, so maybe that's the equivalent of what you asked for.

Code:
[control-r]
1339553565.370    968 127.0.0.1 TCP_MISS/200 2830 GET http://myriadcoins.com/game.php - DIRECT/96.127.133.59 text/html
1339553566.442   1059 127.0.0.1 TCP_REFRESH_UNMODIFIED/304 291 GET http://myriadcoins.com/resources/stylesheet.css - DIRECT/96.127.133.59 -
1339553566.772   1388 127.0.0.1 TCP_REFRESH_UNMODIFIED/304 293 GET http://myriadcoins.com/resources/jquery.min.js - DIRECT/96.127.133.59 -
1339553566.772   1388 127.0.0.1 TCP_REFRESH_UNMODIFIED/304 292 GET http://myriadcoins.com/resources/modernizr-2.5.3.min.js - DIRECT/96.127.133.59 -
1339553566.944   1561 127.0.0.1 TCP_MISS/200 6448 GET http://myriadcoins.com/js_parser.php? - DIRECT/96.127.133.59 text/javascript
1339553567.163    207 127.0.0.1 TCP_REFRESH_UNMODIFIED/304 269 GET http://myriadcoins.com/resources/myriadcoins-logo.png - DIRECT/96.127.133.59 -
1339553567.343    160 127.0.0.1 TCP_MISS/404 581 GET http://myriadcoins.com/favicon.png - DIRECT/96.127.133.59 text/html

[f5]
1339553586.905   2601 127.0.0.1 TCP_MISS/200 2830 GET http://myriadcoins.com/game.php - DIRECT/96.127.133.59 text/html
1339553587.102    184 127.0.0.1 TCP_REFRESH_UNMODIFIED/304 291 GET http://myriadcoins.com/resources/stylesheet.css - DIRECT/96.127.133.59 -
1339553587.262    344 127.0.0.1 TCP_REFRESH_UNMODIFIED/304 292 GET http://myriadcoins.com/resources/modernizr-2.5.3.min.js - DIRECT/96.127.133.59 -
1339553587.344    426 127.0.0.1 TCP_REFRESH_UNMODIFIED/304 293 GET http://myriadcoins.com/resources/jquery.min.js - DIRECT/96.127.133.59 -
1339553587.464    545 127.0.0.1 TCP_MISS/200 6448 GET http://myriadcoins.com/js_parser.php? - DIRECT/96.127.133.59 text/javascript
1339553587.633    156 127.0.0.1 TCP_REFRESH_UNMODIFIED/304 269 GET http://myriadcoins.com/resources/myriadcoins-logo.png - DIRECT/96.127.133.59 -
1339553587.842    164 127.0.0.1 TCP_MISS/404 581 GET http://myriadcoins.com/favicon.png - DIRECT/96.127.133.59 text/html

[control-f5]

[control-shift-r]
1339553610.015    350 127.0.0.1 TCP_MISS/200 2831 GET http://myriadcoins.com/game.php - DIRECT/96.127.133.59 text/html
1339553610.182    150 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 805 GET http://myriadcoins.com/resources/stylesheet.css - DIRECT/96.127.133.59 text/css
1339553610.763    730 127.0.0.1 TCP_MISS/200 6448 GET http://myriadcoins.com/js_parser.php? - DIRECT/96.127.133.59 text/javascript
1339553610.784    751 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 6506 GET http://myriadcoins.com/resources/modernizr-2.5.3.min.js - DIRECT/96.127.133.59 application/javascript
1339553611.142   1110 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 32482 GET http://myriadcoins.com/resources/jquery.min.js - DIRECT/96.127.133.59 application/javascript
1339553611.516    319 127.0.0.1 TCP_CLIENT_REFRESH_MISS/200 14706 GET http://myriadcoins.com/resources/myriadcoins-logo.png - DIRECT/96.127.133.59 image/png
1339553611.763    234 127.0.0.1 TCP_MISS/404 581 GET http://myriadcoins.com/favicon.png - DIRECT/96.127.133.59 text/html

dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 13, 2012, 02:29:39 AM
 #48

I just reproduced the error again, and took screenshots as I did.

I started with a 5-minute old hash:



Then I clicked the game logo to generate a new hash, filled in the details, double-clicked the hash, and hit control-c.  All ready to click the 'place ...' button:



Then I clicked the 'place ...' button I saw the error message:



Notice that the hash is still selected in that final image.  I only selected it once, and it stayed selected.

I think every time I've double-clicked the hash, I've seen the error, and every time I haven't, I haven't.  Seems odd though.

This all happened in the space of a minute or so.

Would it help if I did it again and grabbed the HTTP packets that hit the network for you?

dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 13, 2012, 02:33:05 AM
 #49

I think every time I've double-clicked the hash, I've seen the error, and every time I haven't, I haven't.  Seems odd though.

I just saw the error again without clicking anywhere near the hash.

notme
Legendary
*
Offline Offline

Activity: 1526


View Profile
June 13, 2012, 02:42:14 AM
 #50

I followed you steps exactly other than waiting 5 minutes and couldn't reproduce.  I've reloaded the page and I will wait before trying again.  If it's not too much trouble the HTTP packets might be helpful.  It might be better to email it than to flood this thread.  If you're okay with revealing your email, send it to yrral86@gmail.com, otherwise a PM will do.

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 13, 2012, 03:34:08 AM
 #51

OK, it took me a while to figure out how to stop my browser saying it accepted gzipped pages from your server, but now I can capture the packets in uncompressed form.

The problem now is I have too many outstanding games, and so can't reproduce the error, I think.

Can you cancel them for me?  All the ones to my deposit address will be mine...

notme
Legendary
*
Offline Offline

Activity: 1526


View Profile
June 13, 2012, 03:37:44 AM
 #52

OK, it took me a while to figure out how to stop my browser saying it accepted gzipped pages from your server, but now I can capture the packets in uncompressed form.

The problem now is I have too many outstanding games, and so can't reproduce the error, I think.

Can you cancel them for me?  All the ones to my deposit address will be mine...

Can't cancel them, but I deleted the ip records, so you should be good to go.  The available balance (and thus the bet/win limits) will be a little lower until the other games time out, but that shouldn't matter for your testing.

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 13, 2012, 03:51:08 AM
 #53

If you're okay with revealing your email, send it to yrral86@gmail.com

Sent.  An email, that is.

FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
June 13, 2012, 03:55:53 AM
 #54

I changed the games to not expire for 8 hours, I was only thinking about delayed payments like from Seals or similar. Forgot that people could get locked longer that way. Change to whatever you like while testing notme.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 13, 2012, 04:01:36 AM
 #55

I changed the games to not expire for 8 hours, I was only thinking about delayed payments like from Seals or similar. Forgot that people could get locked longer that way. Change to whatever you like while testing notme.

You seem to only allow me 5 or so "games" in progress at a time.  Is that because you've committed the coins to me at the time I click "place bet" and don't want to over-commit?  Do you commit coins even if it's a losing bet for me?  Can I use this to tell in advance whether it's a losing bet, and then decide whether to play?

dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 13, 2012, 04:05:24 AM
 #56

I've seen the 'tampered' message without clicking anywhere near the hash.  So that was a red herring.

notme
Legendary
*
Offline Offline

Activity: 1526


View Profile
June 13, 2012, 04:14:48 AM
 #57

I changed the games to not expire for 8 hours, I was only thinking about delayed payments like from Seals or similar. Forgot that people could get locked longer that way. Change to whatever you like while testing notme.

You seem to only allow me 5 or so "games" in progress at a time.  Is that because you've committed the coins to me at the time I click "place bet" and don't want to over-commit?  Do you commit coins even if it's a losing bet for me?  Can I use this to tell in advance whether it's a losing bet, and then decide whether to play?

The difference between the win amount and the bet amount is reserved out of the available balance until a payment is confirmed or the game times out, without regard to whether or not the game is a winner.

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 13, 2012, 04:16:36 AM
 #58

The difference between the win amount and the bet amount is reserved out of the available balance until a payment is confirmed or the game times out, without regard to whether or not the game is a winner.

Good to know!

notme
Legendary
*
Offline Offline

Activity: 1526


View Profile
June 13, 2012, 04:31:03 AM
 #59

Looking at your captured packets, I see no problems with 1-3, but it appears 4 and 5 are mixed up and missing some data.

4a should be a match for 5b, although 5b has two responses and 4a is only one request.
4b is the appropriate response for 5a.

That said, the request in 4a should never have happened, it is identical to 3a.  A double request would indeed cause the "tampered" error, but I'm stumped as to why it would have occurred.  It also explains why refreshing it fixes it, since as you can see in 3b, the game was successfully submitted and refreshing it just reloads it from the database.  I'm unable to reproduce the extra request here.  I'm also using Chromium, as you seem to be.  Do you also get the same behavior in other browsers?  I don't know much about squid, but is it possible it is duplicating the request?

Can you reproduce the "tampered" error freemoney?

I'll leave the site be for now, but I'm going to bed soon.  If either of you find more info let me know, otherwise I will put a fix in place in the morning that will not replace the text after the second request.  That way only the first submission's response will be displayed, and you'll see the regular text instead of the error.  Not ideal, but if I can't reproduce the extra request, it it's hard to eliminate it.

Thank you very much dooglus for providing all this debugging info.  It was very helpful.

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 13, 2012, 04:34:14 AM
 #60

Looking at your captured packets, I see no problems with 1-3, but it appears 4 and 5 are mixed up and missing some data.

4a should be a match for 5b, although 5b has two responses and 4a is only one request.
4b is the appropriate response for 5a.

That said, the request in 4a should never have happened, it is identical to 3a.  A double request would indeed cause the "tampered" error, but I'm stumped as to why it would have occurred.  It also explains why refreshing it fixes it, since as you can see in 3b, the game was successfully submitted and refreshing it just reloads it from the database.  I'm unable to reproduce the extra request here.  I'm also using Chromium, as you seem to be.  Do you also get the same behavior in other browsers?  I don't know much about squid, but is it possible it is duplicating the request?

Can you reproduce the "tampered" error freemoney?

I'll leave the site be for now, but I'm going to bed soon.  If either of you find more info let me know, otherwise I will put a fix in place in the morning that will not replace the text after the second request.  That way only the first submission's response will be displayed, and you'll see the regular text instead of the error.  Not ideal, but if I can't reproduce the extra request, it it's hard to eliminate it.

Thank you very much dooglus for providing all this debugging info.  It was very helpful.

I renamed the files manually and may have messed them up.  I thought I got it right, but maybe not.

I'll try connecting directly to the internet, rather than going via squid and see if that fixes the problem...

(it seems chromium doesn't have any way of changing proxy settings except from the command line, so I'll post this, restart chromium, test, and report back).  It's "18.0.1025.151 (Developer Build 130497 Linux) Ubuntu 12.04" by the way.

Pages: « 1 2 [3] 4 5 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!