Forum Replies Created
Currently out of work. I used to be an Infrastructure Architect for a fintech company. Now I’m just a freak with too much time on his hands.
The links aren’t the same. What you’re probably seeing is the container URI without any query parameters. The game is normally presented in an IFrame, so if you were to look at the src attribute of the IFrame tag you’d see different URLs. In every single case where I’ve seen (and I suspect every case full stop), especially in the case of Play’n GO, the demo mode is differentiated by using a different URL / route to the content pages.
4 – Streamers get Winmode from the casino to show them winning. UNTRUE. It’s physically not possible to give a player a game result that wins. For the games to be provided No one can touch a gameround from it being hit spin by the player, the RNG doing its verified spin, the result being sent from the provider to the casino to the player. Not possible. Casinos cannot, and would not, do this. Casinos pay the provider a % for each amount lost on their games (averages around 12%) and the casinos keep 88% for them.
I’m fairly certain you’re right about streamers getting “winmode” being untrue, but that it’s not possible isn’t strictly correct.
The casino ultimately has full control of the slot. Not because it can alter a result generated by the provider (though it can in some cases reject it and I’ll come to that later) but because it controls the interface through which you access the slot. And this power enables casinos to do anything they want. Because most slots are now HTML5 based, anyone (including the casino) can download the full front end of the slot, modify the link sources, and host it themselves. But what about the RNG / result generator? Well, if you reconfigure the front-end to look at a back-end other than that of the provider, such as an API of your own, you could send any result you wanted. It’s not easy to reproduce and manipulate providers’ responses, but it is very easy to record the message payloads (results) of a very successful and legitimate session, stick them in a database, and send them sequentially on request. This is similar to how providers reproduce videos of bonuses, like BTG did for the Tesla competition recently, except they already have the game data. To keep this a secret I imagine it would be virtually impossible, unless almost every employee of the casino were totally corrupt and trusted not to spill the beans, and the casino were not thoroughly audited – but then I know what technical audits are like and the evidence you provide is never interrogated. It’s not difficult to conceal from a technical perspective though.
So back to the rejection of results. The communication path for a spin of a typical slot is player (request) > provider (request) > casino (response) > provider (response) > player. The provider request is the important part here. The result of a game is generated by the provider before any communication is done with the casino or the player. In the provider request, they’re doing three things all at once, but not in the order one would expect: (1) They’re notifying the casino of the result of the game in their request, (2) checking that the response is okay (3) reading the updated balance which the casino has calculated from the result of the game. Step 3 is necessary because, although providers are able to keep track of your balance from the play of the slot, they don’t have visibility of all the games you’re playing and you could be playing two different slots at the same time, or have made a deposit while playing. Some slots will show a deduction in your balance as soon as you press spin, and update with any win amount, but not update with the true balance the casino responded with until spin is pressed again. This is why many slots need to be spun twice for a new deposit to appear. So the order of steps 1 and 2 are the issue here, and they’re precipitated by this four-way RESTful design pattern. The provider is notifying the casino of a game result before even checking that you have sufficient funds to cover the game round. The casino is able to make a decision on whether or not to credit your account with a win. If the casino were to respond to say you don’t have enough funds because they wanted to reject your win, then the provider would have a log of this, which would be potential evidence of foul play sitting outside of the casino, if investigated. Plus, the player would be wondering what the hell was going on when they get a message in the slot saying insufficient funds. But what if the casino didn’t respond at all?
What if they allowed the connection in, read the request, decided nah we’re not giving the player this win, and just held the connection open until it timed out? Or it responded to the provider with a server error? The provider can’t show you the win because it doesn’t even know if your balance was ever sufficient to play in the first place.
I realize this is very cynical, but wherever money goes, greed and corruption will follow. And this simple little trick could be carried out with minimal people knowing. Maybe just a single developer or single engineer. And the big boss of course.
Sorry if the above seemed ignorant of your knowledge on the matter, I went in to detail more for the laymen of the forum.
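An added example, not part of the original post: one way a provider or auditor could check its own wallet-callback logs for the pattern described above, where callbacks carrying large wins time out or error far more often than other callbacks. The log layout, the outcome labels, the casino names, and the `big_win` and `alpha` thresholds are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from math import comb

def build_sample_log():
    """Constructed callback log: (casino_id, round_id, win_amount, outcome)."""
    log = []
    for i in range(200):
        win = 500.0 if i % 20 == 0 else 0.0          # 10 large wins per casino
        noise = "timeout" if i % 50 == 7 else "ok"   # failures unrelated to wins
        log.append(("casino-A", i, win, noise))
        # casino-B additionally fails half of the large-win callbacks
        skewed = "http_500" if i % 40 == 0 else noise
        log.append(("casino-B", i, win, skewed))
    return log

def fisher_upper_tail(a, b, c, d):
    """One-sided Fisher exact test on the 2x2 table
    [[large-win failed, large-win ok], [other failed, other ok]]:
    probability of seeing at least `a` failures on large wins by chance."""
    n_big, n_fail, total = a + b, a + c, a + b + c + d
    tail = sum(comb(n_fail, k) * comb(total - n_fail, n_big - k)
               for k in range(a, min(n_big, n_fail) + 1))
    return tail / comb(total, n_big)

def flag_casinos(log, big_win=100.0, alpha=0.001):
    """Return {casino_id: p_value} where failures cluster on large wins."""
    counts = defaultdict(lambda: [0, 0, 0, 0])       # a, b, c, d per casino
    for casino, _round_id, win, outcome in log:
        failed = outcome != "ok"                     # timeout or server error
        if win >= big_win:
            counts[casino][0 if failed else 1] += 1
        else:
            counts[casino][2 if failed else 3] += 1
    flagged = {}
    for casino, (a, b, c, d) in counts.items():
        p = fisher_upper_tail(a, b, c, d)
        if p < alpha:
            flagged[casino] = p
    return flagged

if __name__ == "__main__":
    for casino, p in flag_casinos(build_sample_log()).items():
        print(f"{casino}: callback failures cluster on large wins (p={p:.2e})")
```

A flag here is a reason to pull the underlying rounds for review, since large payloads or slow bonus handling could also skew failure rates.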
On the question of what I think of Roshtein, I find him extremely annoying and unpalatable.
Whether he is fake or not? Put it this way: On the surface, no gambler is going to continuously sustain 6 or 7 figure losses annually without (1) becoming destitute quite quickly, (2) having so much money that revenue from affiliation is irrelevant, or (3) making more in affiliation revenue than losses from play.
We can safely rule out options 1 and 2, because he isn’t destitute and he is and always has promoted the use of his affiliation links. That leaves us with him making more in affiliation than he loses in play. And though this sounds like an option which grants legitimacy to his operation, and we know what affiliate bonuses can do to overall RTP, I still think he’s almost completely fake, and here’s why.
A few months ago clips started surfacing on YouTube of Roshtein opening a slot in demo mode, which coincidentally loaded up with the same balance as in his “real” account. Now that by itself is not conclusive evidence that he’s not playing with real funds, but it does get you thinking.
The game in question was Rise of Merlin, designed by Play’n GO. Rise of Merlin is a hosted game (just like most modern games), meaning that Play’n GO do not distribute the binaries of the game itself to casinos, rather they host it on their own network and the casinos plug in to it via APIs. So in this model, opening a game primes a new session in which the provider makes an API call to the casino, who return to them your account balance. Initiating a spin then triggers the provider’s system to generate a result, and make an API call back to the casino to (1) notify them of what that result is, and (2) retrieve – by response – the updated balance.
For Roshtein to have opened a game in demo mode, and the balance to be the same as his so-called real balance, the casino would have had to prime a new session using the amount of his real balance. If this were the case then, without logic to determine whether the real balance were sufficient to be used for demo mode, a player with a zero balance would simply not be able to demo the slots. This is counterproductive to the ambition of the casino, which is to get you to play for real. Why would a developer even go through the extra effort of retrieving the real balance, and performing logic on it, knowing that in most cases where demo mode is used the player doesn’t have sufficient real funds, when a standard amount can be used for all cases? It doesn’t make sense. That leads me to the conclusion that, at least in the stream where he is supposedly exposed, the real account balance and demo account balance is one and the same. And there can be two possible reasons for this.
Let’s suppose that the casino he is using maintains a balance for a player’s demo account. This would mean that Roshtein would be able to move from game to game and the balance would naturally be maintained. But we do see Roshtein clicking the button for real play, not demo, so how can this be possible? Simple. There are plenty of ways to fake this: URL rewriting could be used to overwrite a casino API query parameter to change all real requests to demo; A couple of lines entered in the browser console could change all real links in to demo ones; The browser could have a script extension installed which manipulates the links, etc.
The possibility that sits best with me is that Roshtein is actually playing on a pre-production version of the casino system. Anyone who works in development or operations of systems like these knows that before updates to systems are released they’re tested against a live-like environment, where all of the dependencies and relationships to other parts can be tested before “go-live”. Having been an architect of many such environments I know that the ambition when designing pre-prod, integration or sandbox environments is to provide as much functionality as possible with the constraint of not being able to interact with production systems or data. It’s not just casinos who have pre-production environments, it’s payment providers too. And, as such, a test environment for the casino will be configured to use a test payment system. Although it is possible to completely fake a cash out or deposit, the technical complexity becomes an order of magnitude greater. I think this best explains how Roshtein can be seen, live, making deposits and withdrawals. He is using test or arbitrary card details. But how can we see the URL is the same as we would be visiting when playing for real money? How does Roshtein get a pre-production system when others get a production one? This is probably the simplest little hack in all I will write about. A pre-production server will have a different public IP address to a production one, and most likely a different DNS host name. It is really quite trivial to change the IP address which your computer uses for a host name. There is a file which you can add entries to override normal name resolution behavior for given hosts, referred to as the local machine hosts file, or LMHOSTS.
So what do I think of him? He’s an annoying little phony.
I wouldn’t hold my breath waiting for the provider. If it helps stop you from chasing that moment and blowing it all, I’ll do a video for you – you’ll have to trust my ability lol. Immortal Romance has never been kind to me.
What was your balance before the win?
Gambling’s the next smoking. You used to get 20 Superkings for two quid in a snazzy black and gold pack, now you gotta look at some dead baby or with fags for eyes, or some fuck hole in the throat.
Pretty soon you’re gonna have to watch a video of yourself before depositing, sifting through black bags for last weeks dinner you burnt ‘cos you were gambling, and debt collectors hooking up a noose for you to kiss your own sorry ass goodbye.
Ahh she walked in on me on the old over weight wonkey donkey. I tried to tell her it was just a nativity play but that just made matters worse (I had my cock out).
Nick, as in the guy who once said he “just can’t relate” to the bandit anymore because of his high stakes, who then himself proceeds to raise his stakes?
Yeah he a wank shed occupying, nappy wearing, microphone head.
You bitches get back to swinging handbags right now! I was getting in to this thread.
This reminds me of the time my ex wife called me while I was in work asking what I was doing watching midget porn. Turned out she was on Google typing random letters and thought the predictive search was actual search history. Dumb bitch.
Seriously though, this site does have some serious WordPress vulnerabilities.
To return to my original point, if you don’t like it the solution is really simple…
That isn’t a sensible business stance for Bandit though. With less viewers comes less revenue. With less revenue comes less charitable donations. I condemn any personal attacks against Steve for making this decision, and from what I read, some really vile people have popped their head out of their ass to be flatulent for a moment in the most horrible way. At the same time, @kojak and many others should not be alienated or lambasted for protesting. As long as they’re not being abusive then let them be heard.
I was disappointed with the cancellation but for different reasons to most. Personally I don’t like to see division or favor among The Bandit’s following. You can’t please everyone but you don’t need to subjugate people’s principles either.
I love this comment for multiple reasons.
If it helps at all, my philosophy is this:
Mastery of knowledge acquisition is achieved by asking the right questions, in the right way. A person who asks you how to do something when Google is right in front of them isn’t always lazy, a lot of the time they just know you’ll understand the question. Mastery of one’s emotional self is the ability to choose the right time to learn or reaffirm the right thing, in an exercise of balancing external stimuli.
https://www.youtube.com/results?search_query=acts+of+kindness
From one aspiring compassionate to another, I hope this helps.
@argyl53 I don’t disagree with your earlier reply to me, and I was perhaps complacent in my suggestion mods were removing people for simply having a view. On reflection, they do indeed seem to be resigned to not using the forum again, though sending them off with a public slap may be a little OTT – to some at least.
Email verification links and reCAPTCHA will thwart 99% of script kiddies, and £3,000 probably wouldn’t motivate the remaining 1%. SMS verification codes would be a good one which, provided the privacy policy is right, would pay for itself thousandfold.
I do think though the argument in your later post that entry hasn’t cost anyone anything is a little simplistic. Not me personally (I couldn’t give half a hoot because I’m immune to marketing) but some people do see their email address as having some intrinsic value, and in giving it, they have entered in to a transaction. What they didn’t do, however, was read the terms and conditions of the draws which clearly state Bandit has the right to cancel a draw if foul play or fraud is “suspected”. That sufficiently manages my expectations, in that I have none. Anyone questioning the legality of cancelling the draw need only know that competitions like this in the UK must have a set of terms and conditions attached, and the terms in this case are completely standard for a giveaway of its sort.
So is cancellation wrong? Without question, no. Could it have been handled better? Maybe a little but it could have been a lot worse.
Finally, are we human, or are we dancer?
Personally, I couldn’t care less that I signed up and entered thinking I had a chance of winning when I really didn’t. The chances in my mind were 13,000 to 1, which is like one of those pointless horse races where the favorite is so strong you have to remortgage your house to make a tenner. But then this was free entry, so why not?
That being said though, did I expect 13,000 legitimate entries? Hell yeah! The latest video has 20K views already. There are two things I’m a little bothered about.
First, as an IT professional who has years of experience designing and implementing mechanisms to ensure the integrity and security of very sensitive financial services infrastructure, and indeed exploiting weaknesses and vulnerabilities, I’m loath to witness what can only be considered a failure to apply technology correctly to ensure the integrity of an application. Yeah, I really did just say that and anyone shocked reading that should appreciate their shock is one of the reasons they don’t work in this field and I do. Relying on the honesty and trustworthiness of people entering an internet competition is like leaving your house open to the public so they can warm up during winter and asking them nicely not to take your shit. You just wouldn’t do it.
Second, as somewhat of a liberal person, it’s not great to see moderators blocking people for taking issue with the competition being cancelled. You might disagree with their position but these are people who – all being said and done – actually watch your videos. And as disagreeable as they may be, you should still care about their views, and the “it says more about you” stance says just as much about you. Think of your followers as the land of the ancient Hawaiians and Polynesians whose effigies of God (Tikis) are all over your site. Look after the land and it will bear fruit.