Bitcoin Forum
December 06, 2016, 08:24:55 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 »
  Print  
Author Topic: bitZino - Bitcoin Casino - Blackjack, Roulette, 3 Card Poker, Slots and more!  (Read 75414 times)
dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 30, 2012, 04:05:25 AM
 #41

Great that you're using a provably fair shuffle.

I found a typo:

dive into all the in-depth technical details on our newly launched bitZino TechBlog

"Let's reshuffle the deck using the the Fisher-yates shuffle algorithm"

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481012695
Hero Member
*
Offline Offline

Posts: 1481012695

View Profile Personal Message (Offline)

Ignore
1481012695
Reply with quote  #2

1481012695
Report to moderator
1481012695
Hero Member
*
Offline Offline

Posts: 1481012695

View Profile Personal Message (Offline)

Ignore
1481012695
Reply with quote  #2

1481012695
Report to moderator
1481012695
Hero Member
*
Offline Offline

Posts: 1481012695

View Profile Personal Message (Offline)

Ignore
1481012695
Reply with quote  #2

1481012695
Report to moderator
Stephen Gornick
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 30, 2012, 04:22:22 AM
 #42

Now you're cooking with gas!

 - https://techblog.bitzino.com/2012-06-30-provably-fair-shuffling-through-cryptography.html


Ok, ... some suggestions.

Using my Android, there is some "space" character displayed next to the amounts, so 0.0 BTC looks like 0.0▯BTC

When showing the deposit address, a QR code would be useful.  

When showing the field for entering the address for withdrawal, a link to scan a QR code would be useful.

See how EasyWallet.org does it as a good example.

And, one other suggestion.

There's really no reason for me to have to register.  If you had an "instant" (or "anonymous") mode, I could create the account simply by sending BTCs to a deposit address.  And simply, when I'm done playing, I can withdraw back to the funding address, or to another address that I enter or scan.  But if I abandon the account, then my balance is automatically returned to the funding address, say after 48 hours of inactivity or something like that.

And one other suggestion.  In addition to taking an address when depositing, consider also serving the user wishing to deposit by redeeming a private key and (or possibly a redeemable code from an exchange).

The reason this would be useful is so that a paper bitcoin type product could be used to fund the bitZino wallet and then used to withdraw the winnings as well.    For instance, at a club the ticket printer kicks out a funded paper bitcoin no different than what BitAddress.org produces.  That's all a player would need to then load funds into bitZino, ... play a few hands, and then withdraw back to the paper bitcoin which can be used again at a later date, or by someone else, or redeemed at an exchange for cashing out.    i.e.,  all someone needs to play is access to a smartphone mobile (or, preferably, a tablet) and a slip of paper with the two QR codes on it (or, prepaid bitcoin card like:
 - http://bitcointalk.org/index.php?topic=87441.msg961085#msg961085 )

libertaad
Sr. Member
****
Offline Offline

Activity: 266



View Profile WWW
June 30, 2012, 04:24:34 AM
 #43

Great that you're using a provably fair shuffle.

I found a typo:

dive into all the in-depth technical details on our newly launched bitZino TechBlog

"Let's reshuffle the deck using the the Fisher-yates shuffle algorithm"

Thanks for catching this! It's now fixed Cheesy

libertaad
Sr. Member
****
Offline Offline

Activity: 266



View Profile WWW
June 30, 2012, 05:07:26 AM
 #44

Now you're cooking with gas!

Thanks Cheesy

Using my Android, there is some "space" character displayed next to the amounts, so 0.0 BTC looks like 0.0▯BTC

Good catch! I have fixed this issue now. Android is kinda like the new IE6 in a lot of ways :/ (I still love it, but it's annoying how the browser isn't quite standards compliant)

When showing the deposit address, a QR code would be useful.  

When showing the field for entering the address for withdrawal, a link to scan a QR code would be useful.

Agreed! I've seen this suggestion many places on this forum, and I've already started looking into how to do it. Keep your eyes peeled!

There's really no reason for me to have to register.  If you had an "instant" (or "anonymous") mode, I could create the account simply by sending BTCs to a deposit address.  And simply, when I'm done playing, I can withdraw back to the funding address, or to another address that I enter or scan.  But if I abandon the account, then my balance is automatically returned to the funding address, say after 48 hours of inactivity or something like that.

I like this idea. We had briefly considered having no registration at all when first building the site, but there were a lot of complications around it - it's frankly way easier to build a site when you have a true User with which to reference. But, now that the site is up and running, I think it's worth reconsidering, because I definitely see the utility of doing this.

And one other suggestion.  In addition to taking an address when depositing, consider also serving the user wishing to deposit by redeeming a private key and (or possibly a redeemable code from an exchange).

The reason this would be useful is so that a paper bitcoin type product could be used to fund the bitZino wallet and then used to withdraw the winnings as well.    For instance, at a club the ticket printer kicks out a funded paper bitcoin no different than what BitAddress.org produces.  That's all a player would need to then load funds into bitZino, ... play a few hands, and then withdraw back to the paper bitcoin which can be used again at a later date, or by someone else, or redeemed at an exchange for cashing out.    i.e.,  all someone needs to play is access to a smartphone mobile (or, preferably, a tablet) and a slip of paper with the two QR codes on it (or, prepaid bitcoin card like:
 - http://bitcointalk.org/index.php?topic=87441.msg961085#msg961085 )

Love the idea! I hadn't even considered alternative cash-in methods as of a few weeks ago, but after extensively talking with many bitcoin users recently, I see this would be a valuable feature. I'm actually surprised how many bitcoiners haven't downloaded the official client, and don't even have a wallet. We definitely have to build alternative cash-in options if we want to attract those users.

Thanks so much for the extensive feedback!

Stephen Gornick
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 30, 2012, 06:02:58 AM
 #45

Thanks so much for the extensive feedback!

Some more feedback, if you don't mind.

How about a setting in my profile so that I can have the client record (log) my play.  e..g, to later get a list of all hashes and secrets.

Just from knowing the speed of hands that the player is going at it becomes pretty easy to tell if the player is looking at the verification.  Of course, the odds are that 99.998% of us won't be verifying.   But if the client might be logging each play, for verification after the fact, then there's no way to tell which players might be scrutinizing the results.  Which keeps everyone honest.

As far as the rules, what if both the dealer and the player get blackjack?  Perhaps a page with a more complete set of rules would be useful?

What is the hold percentage (house advantage) for this game?

dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 30, 2012, 06:44:17 AM
 #46

Quote
Just in case the Mersenne Twister algorithm has any unknown vulnerabilities, it's better to stay on the safe side, and not let the client directly provide the seed

I don't think this is necessary at all.  The Mersenne Twister bit is for the user's safety, not yours.  You've already securely shuffled the deck, and are just letting the user "cut" it.  Any vulnerability would be equivalent to the player being able to always cut to exactly the 29th card in the deck.  It allows him to cut predictably, but doesn't help him win in any way at all since he has no way of knowing the order of the uncut deck.

So there's no need for you to provide your own 'server_seed' - just use the client_seed for the 2nd shuffle.

dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 30, 2012, 06:53:16 AM
 #47

As far as the rules, what if both the dealer and the player get blackjack?  Perhaps a page with a more complete set of rules would be useful?

Isn't that always a push?

What is the hold percentage (house advantage) for this game?

According to http://wizardofodds.com/games/blackjack/calculator/ it's around 0.66%.

8 decks
hit soft 17
double after split
double any 2 cards
resplit to 4 hands
can't resplit aces (right?)
can't hit split aces
only lose original bet to dealer BJ
no surrender
blackjack pays 3:2

dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 30, 2012, 07:01:34 AM
 #48

The words "your" and "deposit" overlap, as seen in this screenshot:



It's probably got to be a browser bug, since the HTML looks fine.

I'm using Chromium 18.0.1025.151 (Developer Build 130497 Linux) Ubuntu 12.04.

libertaad
Sr. Member
****
Offline Offline

Activity: 266



View Profile WWW
June 30, 2012, 07:28:20 AM
 #49

How about a setting in my profile so that I can have the client record (log) my play.  e..g, to later get a list of all hashes and secrets.

Just from knowing the speed of hands that the player is going at it becomes pretty easy to tell if the player is looking at the verification.  Of course, the odds are that 99.998% of us won't be verifying.   But if the client might be logging each play, for verification after the fact, then there's no way to tell which players might be scrutinizing the results.  Which keeps everyone honest.

I was thinking this would be the perfect use-case for a greasemonkey script. Because honestly, even if we allow you to log the hands client-side, you still have to trust that the javascript we're serving you isn't corrupted.

If anyone wants to build such a script, I'd be happy to help support it!

As far as the rules, what if both the dealer and the player get blackjack?  Perhaps a page with a more complete set of rules would be useful?

What is the hold percentage (house advantage) for this game?

Dooglus already gave some good answers here (Wizard of Odds is one of my favorite sites!). But just to confirm: both the dealer and the player getting a blackjack is indeed a push. And all the rules dooglus listed are correct (indeed, you can't resplit aces), so it's a 0.66% house edge if you play optimally.

libertaad
Sr. Member
****
Offline Offline

Activity: 266



View Profile WWW
June 30, 2012, 07:35:16 AM
 #50

Quote
Just in case the Mersenne Twister algorithm has any unknown vulnerabilities, it's better to stay on the safe side, and not let the client directly provide the seed

I don't think this is necessary at all.  The Mersenne Twister bit is for the user's safety, not yours.  You've already securely shuffled the deck, and are just letting the user "cut" it.  Any vulnerability would be equivalent to the player being able to always cut to exactly the 29th card in the deck.  It allows him to cut predictably, but doesn't help him win in any way at all since he has no way of knowing the order of the uncut deck.

So there's no need for you to provide your own 'server_seed' - just use the client_seed for the 2nd shuffle.

Yeah, it is somewhat overkill, I agree. I was paranoid that there may be some vulnerability in Mersenne Twister that would cause the algorithm to somehow allow the input to affect the output. Now that I've gotten to know MT a little bit better, I see this is practically not possible given the way the algorithm is written.

The additional benefit that the server_seed provides though, is that it's effectively a random salt for the secret. Without the salt, a dedicated adversary could presumably start making a massive rainbow table of all known deck configurations. Again though, this is rally just paranoia - there's way too many deck configurations for this to be conceivable (especially with 8 deck blackjack). But I preferred to be a little paranoid than to have bitZino be exposed to a vulnerability.

libertaad
Sr. Member
****
Offline Offline

Activity: 266



View Profile WWW
June 30, 2012, 07:51:23 AM
 #51

The words "your" and "deposit" overlap, as seen in this screenshot:



It's probably got to be a browser bug, since the HTML looks fine.

I'm using Chromium 18.0.1025.151 (Developer Build 130497 Linux) Ubuntu 12.04.

Ah, I see it in Chromium 18 myself as well. Interestingly, it's not in Chrome 19. Also interestingly - the layout glitch goes away if you refresh the page.  I do have an idea of what causes this bug - I think it's due to the way webkit handles re-layouts of the page - I'm going to have to dive a little deeper though to figure out a fix. Thanks for the report!

dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 30, 2012, 07:53:20 AM
 #52

so it's a 0.66% house edge if you play optimally.

Are you aware that bitjack21 has only a 0.45% edge (they stand on soft 17), and strike sapphire's is only 0.50% (only 6 decks, let you hit split aces, but only split to 2 hands)?

I don't know about the other bitcoin blackjack offerings, but both of these have more attractive offerings than bitzino.

Yeah, it is somewhat overkill, I agree. I was paranoid that there may be some vulnerability in Mersenne Twister that would cause the algorithm to somehow allow the input to affect the output. Now that I've gotten to know MT a little bit better, I see this is practically not possible given the way the algorithm is written.

Well, the input does affect the output...  but like I said, the 2nd shuffle is entirely for the user's protection, not the site's.

The additional benefit that the server_seed provides though, is that it's effectively a random salt for the secret.

The thing is, there are about 10^672 (2^2229) shuffles of 8 decks, but only about 10^78 (2^256) different sha256 hashes.  So each secret hash corresponds to about 10^594 (2^1973) different shuffles.

A rainbow table won't help.  Each time I see the same secret (which happens about once every lifetime-of-the-universe), it will correspond to a different shuffle.

ie. you really don't need salt in this case, and so can simplify the verification process.

libertaad
Sr. Member
****
Offline Offline

Activity: 266



View Profile WWW
June 30, 2012, 02:24:21 PM
 #53

so it's a 0.66% house edge if you play optimally.

Are you aware that bitjack21 has only a 0.45% edge (they stand on soft 17), and strike sapphire's is only 0.50% (only 6 decks, let you hit split aces, but only split to 2 hands)?

I don't know about the other bitcoin blackjack offerings, but both of these have more attractive offerings than bitzino.

Thanks for the heads-up! I was just using what I thought were standard rules, and hadn't really considered exactly what every else's house edge was. I think I will change the rules to allow for both hitting and re-splitting of split aces, which is more fun, and it'll bring the housed edge down to a meager 0.398%.

Well, the input does affect the output...

Heh, of course it does Wink I meant to say that it could affect the output as the algorithm runs - ie, it could rely on the state of the deck in order to determine which operations to take in future steps (which I think algorithms like AES do). If this were the case, an attacker could presumably choose a seed that always brings certain cards to the top of the deck, regardless of the initial_shuffle.

ie. you really don't need salt in this case, and so can simplify the verification process.

I am paranoid I know, but ultimately, I don't think it adds that much complication, and it does let me feel better about letting clients choose a seed which determines the ultimate outcome of the deck Cheesy

ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
June 30, 2012, 03:25:28 PM
 #54

Took a look at this last, on my iPad. I lOve it!  And I am not really a BJ person, great job! 

Can I ask what libraries you are using, or did you write an entire HTML5/canvas graphics engine yourself?

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 30, 2012, 03:45:02 PM
 #55

I think I will change the rules to allow for both hitting and re-splitting of split aces, which is more fun, and it'll bring the housed edge down to a meager 0.398%.

Wow.  You really are open to feedback aren't you!

I don't know if you're aware of how big the swings can be in blackjack.  Offering a 10 BTC max bet exposes you to the possibility of some pretty big losses if someone plays the max bet and has a good run.  Maybe you've considered that and are prepared to lose a lot, but I thought I should mention it.  There's probably a reason the other sites offer less than half that as their max bet.

I meant to say that it could affect the output as the algorithm runs - ie, it could rely on the state of the deck in order to determine which operations to take in future steps

Oh, I see.  The shuffle is applying a permutation to the pre-existing shuffle.  The client gets to decide the permutation, but doesn't have any way of knowing the original state, and so can't control the final state.

I made a small deposit last night, played a few hands, and withdrew - mostly just to check out how it worked.

It all went pretty smoothly, but I had the following comments:

* it seems you wait for 7 confirmations before marking my deposit as 'confirmed'?  that seems like a lot, but since you allow me to play unconfirmed balances it's not a problem

* if I had been able to 'cancel' my withdrawal request, I would have, and would have played more hands.  Is there any reason you wouldn't allow players to cancel a pending withdrawal request?

Finally, I just noticed a small issue:  if I click my name in the top right, select a new 'base currency', click 'update', then click 'back', then the "Welcome to Blackjack!" box in the centre of the page still shows my balance in the old currency units.  So if I was in mBTC before, but have less than 1 mBTC left, so I switch to uBTC, I still can't buy in because the buy-in box is still prompting for the number of mBTC to buy-in with.

If I click 'leave' in the top right then the currency units update, but that's a workaround I shouldn't have to use.

dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 30, 2012, 04:12:51 PM
 #56

I just noticed that whatever the currency unit I set, the withdraw screen is in whole bitcoins.  It might make more sense to use the preferred base unit there too (and anywhere else that you show currency values - like in the history of deposits).

libertaad
Sr. Member
****
Offline Offline

Activity: 266



View Profile WWW
June 30, 2012, 06:59:17 PM
 #57

Took a look at this last, on my iPad. I lOve it!  And I am not really a BJ person, great job! 

Can I ask what libraries you are using, or did you write an entire HTML5/canvas graphics engine yourself?

Thanks for the praise! I'm glad it works well on your iPad - that's one of the huge benefits of HTML5 - automatic cross-device compatibility Smiley

We make use of jQuery and some parts of jQueryUI for the animations - but for the most part, we're just using pure HTML5 and CSS3. Specifically - we make heavy use of HTML5 -data attributes for communication between the client and the server. We also use CSS3 transitions.  We're planning on rolling out some 3D CSS transitions when we can work out some of the cross-browser kinks.

Wow.  You really are open to feedback aren't you!

Yup! Cheesy That's one of our core philosophies - stellar customer support across the board. This is why we spent so much time creating the provably fair shuffling system - we wanted our customers to know they were getting a fair game.

I don't know if you're aware of how big the swings can be in blackjack.  Offering a 10 BTC max bet exposes you to the possibility of some pretty big losses if someone plays the max bet and has a good run.  Maybe you've considered that and are prepared to lose a lot, but I thought I should mention it.  There's probably a reason the other sites offer less than half that as their max bet.

We are aware of the potential for swings, and we are fully capitalized to handle whatever swings come our way. We've done extensive statistical analysis, including random distribution analysis, and monte carlo simulations,  in order to ensure that our risk of ruin is infinitesimal.

I made a small deposit last night, played a few hands, and withdrew - mostly just to check out how it worked.

It all went pretty smoothly, but I had the following comments:

* it seems you wait for 7 confirmations before marking my deposit as 'confirmed'?  that seems like a lot, but since you allow me to play unconfirmed balances it's not a problem
It should just be 6 confirmations - which I admit still is actually quite a lot for smaller transactions. We are thinking of lowering this for smaller withdrawals, but we just want to be careful to not expose ourselves to any double spend attacks, which we've known has been the downfall to other bitcoin sites in the past. Since we allow you to play with 0 confirmations, we don't see this as a huge issue though.

* if I had been able to 'cancel' my withdrawal request, I would have, and would have played more hands.  Is there any reason you wouldn't allow players to cancel a pending withdrawal request?

That is a great point. We actually have the ability to cancel withdrawals on the backend, we just need to build a UI for it.

Finally, I just noticed a small issue:  if I click my name in the top right, select a new 'base currency', click 'update', then click 'back', then the "Welcome to Blackjack!" box in the centre of the page still shows my balance in the old currency units.  So if I was in mBTC before, but have less than 1 mBTC left, so I switch to uBTC, I still can't buy in because the buy-in box is still prompting for the number of mBTC to buy-in with.

If I click 'leave' in the top right then the currency units update, but that's a workaround I shouldn't have to use.

Ah yeah - that is indeed a poor user flow. We are probably going to change the whole concept how base currency works, such that you can play at a table in a different base currency than your account's base currency. Because you really shouldn't have to change your account settings just to temporarily play at a lower limit. Keep your eyes peeled for this change!

I just noticed that whatever the currency unit I set, the withdraw screen is in whole bitcoins.  It might make more sense to use the preferred base unit there too (and anywhere else that you show currency values - like in the history of deposits).

Yeah, good point. We figured that since you're withdrawing back into the real bitcoin network at this point, that it would make more sense to show BTC on this screen. But, given your feedback, I think it would be good to show the balance in both your base currency, and in BTC.

Thank you all so much for the feedback! This really is incredibly valuable to us as we continue to grow bitZino and make it a better site for all comers. Dooglus, and Stephen Gornick  - I've added a BTC to your accounts to thank you. Thanks again!

Stephen Gornick
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 30, 2012, 07:28:29 PM
 #58

Dooglus, and Stephen Gornick  - I've added a BTC to your accounts to thank you. Thanks again!

Heh, wow, awesome!  Thanks!

There's one other feature that might be useful -- user configurable timeout, so that like 15 minutes of inactivity I need to log back in to play.  (optional, of course)

dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 30, 2012, 07:35:15 PM
 #59

Dooglus, and Stephen Gornick  - I've added a BTC to your accounts to thank you. Thanks again!

Heh, wow, awesome!  Thanks!

There's one other feature that might be useful -- user configurable timeout, so that like 15 minutes of inactivity I need to log back in to play.  (optional, of course)

Thanks for the bitcoin.  Smiley

I was wondering about timeouts too.  My Internet connection is pretty flaky here.  What happens if it goes down for an hour part way through a hand?  Can I expect the hand to continue when I get back online?  What if I click 'hit', but the connection is down at the time?  Will the client deal nicely with not getting a server response and let me try again later?

I guess ideally I'd like to be able to have my browser crash part-way through a hand, then log in on a different computer and see the half-finished hand still in play.  But maybe that's expecting too much.

dooglus
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 30, 2012, 09:36:01 PM
 #60

My Internet connection is pretty flaky here.  What happens if it goes down for an hour part way through a hand?  Can I expect the hand to continue when I get back online?

Funnily enough, my Internet just went down.  While it was down, I clicked 'buy in', and eventually got an error page from Chromium.  When the connection came back, I refreshed the page, and got:

Quote
Not Found

The page you were looking for doesn't exist.

You may have mistyped the address or the page may have moved.

The browser's address bar is now showing https://bitzino.com/table_transfer rather than the usual address, but I didn't change it.

(So I guess that answers my question!)

Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!