These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

Somer Blink: Legit or Scam?

Author
Andrev Nox
Native Freshfood
Minmatar Republic
#41 - 2012-07-03 10:21:09 UTC
Rek:

If you like, you're free to evaluate our method for choosing winners. The code we use to get the number is here. As you can see, we draw it from random.org. You can find their real-time statistics here and several peer-reviewed papers on the quality of their random-generator here.

And, from a more practical standpoint - with over 1,733,423 Blinks completed, it would be a MONSTROUS amount of work to try and rig them/keep that rigging hidden from the public/the dozens of people who've worked for Blink. Saner by far to just run it honestly and enjoy it for what it is :)

Hope that helps :)

Somer Blink - The original microlottery site.

Akirei Scytale
Okami Syndicate
#42 - 2012-07-03 10:25:07 UTC
Ariel Armani wrote:
Hello,

I heard about this 250 celebration or whatever that Somer Blink is having, so I was interested. I have some extra ISK for "fun".

Anyway, I was asking around, and somebody sent me this link -

http://blinkexposed.blogspot.com/

That got me worried, so I asked about it in the Blink thread. Some dude Andrew Nox (with Blink I guess) told me to just "ask other Blink players about their experiences".

So that's what I am doing. Anybody want to share their experiences, good or bad?

Thanks! Smile


Playing Somer Blink long term is about as intelligent as playing Blackjack long term, for the exact same reasons.
Lin-Young Borovskova
Doomheim
#43 - 2012-07-03 10:28:50 UTC  |  Edited by: Lin-Young Borovskova
Ariel Armani wrote:
Hello,

I heard about this 250 celebration or whatever that Somer Blink is having, so I was interested. I have some extra ISK for "fun".

Anyway, I was asking around, and somebody sent me this link -

http://blinkexposed.blogspot.com/

That got me worried, so I asked about it in the Blink thread. Some dude Andrew Nox (with Blink I guess) told me to just "ask other Blink players about their experiences".

So that's what I am doing. Anybody want to share their experiences, good or bad?

Thanks! Smile


Was a Blink addict for a long time, spent billions and won billions, far more than I've ever put in but just like every game you need to put yourself limits.

And yes, those are serious people, whatever you win it's really yours, they ship your stuff when possible for 0 isk, you'll never miss a single isk you deposit because it's API done or Andrew/Mom will watch logs to give you back what's yours.

There are few serious people you can trust in this game, SommerMom and Andrew are 2 of those. Not only they will always respect their contract with their customers but some times offer them to buy stuff, like LP's stuff, rare ships, faction mods etc.

Really, they're awesome dudes.

brb

Skippermonkey
Deep Core Mining Inc.
Caldari State
#44 - 2012-07-03 10:29:34 UTC
Its a casino, of course the house is going to rake it in, thats the whole point of a casino

COME AT ME BRO

I'LL JUST BE DOCKED IN THIS STATION

Vera Algaert
Republic University
Minmatar Republic
#45 - 2012-07-03 10:46:08 UTC  |  Edited by: Vera Algaert
malaire wrote:
It's even better - just get control of random.org and you can predict 100% of winning tickets.

yep, that would be one way of doing it - but in practice it would rely on blink using a misconfigured nameserver which is pretty unlikely.

Alternatively you could block access to random.org via a ddos (or wait for a time when random.org is not available for some other reason) and try to exploit some weakness in mt_rand.

Any pseudo random number generator which does not fetch entropy from outside sources is periodic, that is the numbers will start repeating themselves after some time.
For the mersenne twister used by mt_rand the period is 2^19937 − 1 which is pretty long. And of course the sequence of random numbers is different for each of the 2^32 seed states.
If Blink was trying to create really long random numbers one still might be able to figure out at which position one is in which sequence after observing a couple of outputs. But with the small numbers of tickets this is hopeless.
Additionally consider that Blink does probably use multiple php processes to handle requests each of which maintains its own PRNG. I guess that the PRNG of whatever php process gets to handle the request for the final ticket gets to determine the winning number - so you can't even look at the sequence of winning numbers and treat them as a sequence of mt outputs - they are a wild mix of any number of MTs.
Your best bet would probably be to try get php to spawn a new process with your request (or maybe you are lucky and cogdev.net uses a CGI configuration but in real-life that doesn't happen) in which case a new PRNG would be initialized and you would "only" have to guess one of the 2^32 seed states.

Real slot machines keep cycling through random numbers even when there is no user input to prevent an attacker from being able to exploit the PRNG's sequential nature.

On Linux a call to /dev/random (which introduces entropy from hardware devices; but which is blocking and can be slow if not enough entropy is in the pool) or /dev/urandom (less true randomness but fast) would probably be preferable to mt_rand.
However, in practice I can't really see anyone being able to exploit this.

.

Vera Algaert
Republic University
Minmatar Republic
#46 - 2012-07-03 10:46:59 UTC
Akirei Scytale wrote:
Ariel Armani wrote:
Hello,

I heard about this 250 celebration or whatever that Somer Blink is having, so I was interested. I have some extra ISK for "fun".

Anyway, I was asking around, and somebody sent me this link -

http://blinkexposed.blogspot.com/

That got me worried, so I asked about it in the Blink thread. Some dude Andrew Nox (with Blink I guess) told me to just "ask other Blink players about their experiences".

So that's what I am doing. Anybody want to share their experiences, good or bad?

Thanks! Smile


Playing Somer Blink long term is about as intelligent as playing Blackjack long term, for the exact same reasons.

in blackjack you can count cards, so what was your point again?

.

Akirei Scytale
Okami Syndicate
#47 - 2012-07-03 10:49:42 UTC
Vera Algaert wrote:

in blackjack you can count cards, so what was your point again?


I challenge you to attempt that at any modern casino. That technique is long dead.
Gilbaron
Free-Space-Ranger
Northern Coalition.
#48 - 2012-07-03 10:54:09 UTC
its a casino

the only person profiting from a casino in the long run is the owner

there is also no law enforcing that could possibly control this special casino for not scamming the players with fake winners

i would not give them a single ISK
Andrev Nox
Native Freshfood
Minmatar Republic
#49 - 2012-07-03 10:58:50 UTC
Gil makes a good point, honestly - end of the day, if you don't enjoy gambling, or think we'd be silly enough to **** it up by rigging it, you're best off not playing.

We're more than happy to answer questions and provide facts, but if you're dubious after that, the safe answer in Eve is always to keep your ISK in your own wallet. We're not trying to coerce anyone into gaming. :)

Somer Blink - The original microlottery site.

Gibbo3771
Perkone
Caldari State
#50 - 2012-07-03 11:05:34 UTC  |  Edited by: Gibbo3771
I dont like it very much.

Dont get me wrong, I have won more than I have lost and enjoy the experience of it.

What gets me is, its the same, constant 2-3 players winning nearly all the time, with the odd random new guy winning.

I do not think its rigged but hell, like a casino and like everyone says, house always wins at the end of the day. They might pay out 30bil to you at one point but they have already taken 60 from someone the minute before.

Too bad I cant scam them like I do in the casino, blackjack with 5 people, its like taking candy from a baby.
Danfen Fenix
#51 - 2012-07-03 11:12:48 UTC
Gilbaron wrote:
its a casino

the only person profiting from a casino in the long run is the owner



And if anyone ever thought otherwise while using it, they deserver to lose ISK


Me?

I love Somerblink Big smile I've actually made a couple hundred million off it. It 'would' be closer to 1b, but when I started I didn't realise it would be smarter to get paid back the ISK & put it back in to blink, rather than just changing it back in to blink credit OopsP
Lilliana Stelles
#52 - 2012-07-03 11:25:36 UTC  |  Edited by: Lilliana Stelles
Personally, I've turned a profit off of blink, (albeit not much of one). It is possible though, particularly if you stick around for the promos and trivia questions to get into a few extra lotteries.

Edit:
The whole thing with a character winning that hasn't been created yet winning could be based around them being bio-massed. Somer Blink only tracks names, not APIs, so if a character was deleted and recreated, Blink would think it was the same character.

Second Edit:
Considering the absolutely massive number of players pouring money into Somer, it can make a great deal more money as a semi-legitimate (casino) business than as a scam.

Not a forum alt. 

ArmyOfMe
Lowlife.
Snuffed Out
#53 - 2012-07-03 11:30:03 UTC
Well, not really played on somer a lot.
But yesterday i won 1 talos, 2x navy caracals, navy geddon and lots of other small stuff.
Came out of it with about 300m in profits.

So no, its not cheating on their part, but as with all types of gambling, the house allways wins in one way or another.

GM Guard > I must ask you not to use the petition option like this again but i personally would finish the chicken sandwich first so it won´t go to waste. The spaghetti will keep and you can use it the next time you get hungry. Best regards.

Xenuria
#54 - 2012-07-03 11:56:34 UTC
I am on the fence when it comes to blink.

When I started asking questions I was warned to stop or I would be banned from the ingame channel.
I asked somer herself some of my questions and she was evasive to say the very least.

Here are some key questions you should be asking.



"Why are their people in somer blink with win ratios over 95%?"
"Why is the majority of the statistical data hidden from the end user?"



When I make an effort to determine if something is bogus or not I ask for the data on wins and losses for everybody and everything with names and personal information partially redacted. Every legitimate organization I have ever requested this from has provided me with this, except somer blink.


Rakshasa Taisab
Sane Industries Inc.
#55 - 2012-07-03 12:02:46 UTC  |  Edited by: Rakshasa Taisab
Andrev Nox wrote:
Rek:

If you like, you're free to evaluate our method for choosing winners. The code we use to get the number is here. As you can see, we draw it from random.org. You can find their real-time statistics here and several peer-reviewed papers on the quality of their random-generator here.

As a comp.sci guy, I'll have to say that piece of 'code' fails hard.

While the random number generator (random.org) is trustworthy, the chain of trust is not kept. There is no way to verify 1) that the linked PHP code is actually what is executed 2) that the game that 'rolls the dice' rolled it just once instead of doing it multiple times until the desired result happens and 3) that every entry in a game is a real player who paid for the slot with ISK (rather than RMT).

If you really wanted to be secure and ensure 1) and 2), each game would (when created) have an random ID and the trusted random number generator would take this ID when rolling the dice, and it would only allow a single roll. The somer blink site would then link to the result page, where the ID, time and result would be viewable.

Do that and your site would be 'trustworthy' for players, but not necessarily RMT free as per 3).

Frankly the part of you post above about 'statistics' and 'peer-reviewed papers' is a clear example of trying to hide a weak link in a chain by showing off how damn strong all the other links are.

Nyan

Xenuria
#56 - 2012-07-03 12:05:42 UTC
Rakshasa Taisab wrote:
Andrev Nox wrote:
Rek:

If you like, you're free to evaluate our method for choosing winners. The code we use to get the number is here. As you can see, we draw it from random.org. You can find their real-time statistics here and several peer-reviewed papers on the quality of their random-generator here.

As a comp.sci guy, I'll have to say that piece of 'code' fails hard.

While the random number generator (random.org) is trustworthy, the chain of trust is not kept. There is no way to verify 1) that the linked PHP code is actually what is executed 2) that the game that 'rolls the dice' rolled it just once instead of doing it multiple times until the desired result happens and 3) that every entry in a game is a real player who paid for the slot with ISK (rather than RMT).

If you really wanted to be secure and ensure 1) and 2), each game would (when created) have an random ID and the trusted random number generator would take this ID when rolling the dice, and it would only allow a single roll. The somer blink site would then link to the result page, where the ID, time and result would be viewable.

Do that and your site would be 'trustworthy' for players, but not necessarily RMT free as per 3).

Frankly the part of you post above about 'statistics' and 'peer-reviewed papers' is a clear example of trying to hide a weak link in a chain by showing off how damn strong all the other links are.


^^^THIS

I am going to do some research and I will find out if SomerBlink is a scam or is actually legitimate.
Andrev Nox
Native Freshfood
Minmatar Republic
#57 - 2012-07-03 12:12:49 UTC  |  Edited by: Andrev Nox
Xenuria wrote:
I am on the fence when it comes to blink.

When I started asking questions I was warned to stop or I would be banned from the ingame channel.
I asked somer herself some of my questions and she was evasive to say the very least.

Here are some key questions you should be asking.



"Why are their people in somer blink with win ratios over 95%?"
"Why is the majority of the statistical data hidden from the end user?"



When I make an effort to determine if something is bogus or not I ask for the data on wins and losses for everybody and everything with names and personal information partially redacted. Every legitimate organization I have ever requested this from has provided me with this, except somer blink.





In answer to the first question - It's answered anecdotally in the thread above you. :) Some folks get lucky on their first few blinks, and stop forever. It's the same reason some people have win ratios at 0% - they get a bad first run, and stop forever. I grant, it's something that would be addressed with the "fixed win percentage" idea outlined earlier in the thread, but that's just not something we're willing to do. Every draw is, and will stay, independent to every other draw. :)

In answer to the second question - Large swaths of database queries readily available to the public in a unified location are a server-melting fiasco. Blink receives around 700-2.5k individual users per hour, most of which stay on the site for 27-42 minutes each, and hammer F5 like a rabid monkey while they're there. Some concessions have to be made to technical performance :)

In answer to why YOU specifically aren't given large swaths of statistical data with personal information redacted - if that's what it would take for you to play, we're okay with you not playing. :) Even if we did take the time to hand all that over, a day later you could make the same demand for information again, and again, and again. If someone really distrusts our service that much, we're totally cool with you not using it :)

In answer to Rakshasa Taisab:

Each blink does have a unique identifier, it's Blink ID number. It is visible on even the currently active blinks, in the lower left hand corner of the Blink (highlight the text there to see it). The results from that are viewable to anyone who played on that Blink - though I grant, they're not perpetually visible to anyone who wants to look.

And, again, all that said - I absolutely concede there's zero way we could guarantee that all of that code didn't change right after you looked. The answer to that one will always be: It wouldn't benefit us to do that. It would catastrophically cripple us. But if you disbelieve that, it's totally cool to keep not playing. :)

Edit to add: Re-reading, I misunderstood what you were looking for from a unique identifier. Random.org doesn't have any type of identification API, so that's not possible (to my knowledge) while using them as our RNG source.

Somer Blink - The original microlottery site.

Xenuria
#58 - 2012-07-03 12:19:52 UTC
Andrev Nox wrote:
Xenuria wrote:
I am on the fence when it comes to blink.

When I started asking questions I was warned to stop or I would be banned from the ingame channel.
I asked somer herself some of my questions and she was evasive to say the very least.

Here are some key questions you should be asking.



"Why are their people in somer blink with win ratios over 95%?"
"Why is the majority of the statistical data hidden from the end user?"



When I make an effort to determine if something is bogus or not I ask for the data on wins and losses for everybody and everything with names and personal information partially redacted. Every legitimate organization I have ever requested this from has provided me with this, except somer blink.





In answer to the first question - It's answered anecdotally in the thread above you. :) Some folks get lucky on their first few blinks, and stop forever. It's the same reason some people have win ratios at 0% - they get a bad first run, and stop forever. I grant, it's something that would be addressed with the "fixed win percentage" idea outlined earlier in the thread, but that's just not something we're willing to do. Every draw is, and will stay, independent to every other draw. :)

In answer to the second question - Large swaths of database queries readily available to the public in a unified location are a server-melting fiasco. Blink receives around 700-2.5k individual users per hour, most of which stay on the site for 27-42 minutes each, and hammer F5 like a rabid monkey while they're there. Some concessions have to be made to technical performance :)

In answer to why YOU specifically aren't given large swaths of statistical data with personal information redacted - if that's what it would take for you to play, we're okay with you not playing. :) Even if we did take the time to hand all that over, a day later you could make the same demand for information again, and again, and again. If someone really distrusts our service that much, we're totally cool with you not using it :)

In answer to Rakshasa Taisab:

Each blink does have a unique identifier, it's Blink ID number. It is visible on even the currently active blinks, in the lower left hand corner of the Blink (highlight the text there to see it). The results from that are viewable to anyone who played on that Blink - though I grant, they're not perpetually visible to anyone who wants to look.

And, again, all that said - I absolutely concede there's zero way we could guarantee that all of that code didn't change right after you looked. The answer to that one will always be: It wouldn't benefit us to do that. It would catastrophically cripple us. But if you disbelieve that, it's totally cool to keep not playing. :)

Edit to add: Re-reading, I misunderstood what you were looking for from a unique identifier. Random.org doesn't have any type of identification API, so that's not possible (to my knowledge) while using them as our RNG source.



When I am talking about win ratios I am talking about people that have earned over 1 billion isk and ALSO have a 90+% win ratio. That is what gives me pause.

As far as melting servers, I really find it hard to believe that something as basic as somer blink needs all that much resources. I am not requesting you make a live database available to the public.

Maybe something every month of week during downtime. This would cause an influx of new users because people would actually be able to run the numbers and look for anything suspicious.
dexington
Caldari Provisions
Caldari State
#59 - 2012-07-03 12:22:45 UTC
Xenuria wrote:
I am going to do some research and I will find out if SomerBlink is a scam or is actually legitimate.


I think it's going to be very hard to prove anything, on way or the other. Random is random, and while some results are statistically unlikely they are not impossible, someone can win 100 out of 100 games without cheating. Unless you hack into the webserver and prove their code is designed to fix the rolls, i can't see how you are going to prove anything, and even that would end up being your word against their on weather or not the the prove was genuine.

Personally i that the site is legit, it's just like playing slot machines with a set payout ratio. It's not cheating, just very much in the favor of the house.

I'm a relatively respectable citizen. Multiple felon perhaps, but certainly not dangerous.

Rakshasa Taisab
Sane Industries Inc.
#60 - 2012-07-03 12:30:04 UTC
Andrev Nox wrote:
In answer to Rakshasa Taisab:

Each blink does have a unique identifier, it's Blink ID number. It is visible on even the currently active blinks, in the lower left hand corner of the Blink (highlight the text there to see it). The results from that are viewable to anyone who played on that Blink - though I grant, they're not perpetually visible to anyone who wants to look.

I'll just skip this part for rather obvious reasons...

Andrev Nox wrote:
And, again, all that said - I absolutely concede there's zero way we could guarantee that all of that code didn't change right after you looked. The answer to that one will always be: It wouldn't benefit us to do that. It would catastrophically cripple us. But if you disbelieve that, it's totally cool to keep not playing. :)

First of all, I have no idea what kind of a lay person would ever think that an URL would in any way be any kind of insight into what PHP script was being run server-side.

Are you intentionally trying to present yourself as so clueless that we'd think you incapable of actually pulling off such an easy scam?

Also I'm not just disbelieving you and decide not to play / get scammed. I'm heavily implying that CCP should look into your operations to see if you're running an RMT laundering site.

Andrev Nox wrote:
Edit to add: Re-reading, I misunderstood what you were looking for from a unique identifier. Random.org doesn't have any type of identification API, so that's not possible (to my knowledge) while using them as our RNG source.

DERP

Nyan