Poker Players Alliance ForumsPoker Is Not A Crime: Discuss The Fight

-- Choose a Forum -- Poker Players Alliance PPA Online Site Updates Ask Skallagrim State - AL State - AK State - AZ State - AR State - CA State - CO State - CT State - DE State - DC State - FL State - GA State - HI State - ID State - IL State - IN State - IA State - KS State - KY State - LA State - ME State - MD State - MA State - MI State - MN State - MS State - MO State - MT State - NE State - NV State - NH State - NJ State - NM State - NY State - NC State - ND State - OH State - OK State - OR State - PA State - RI State - SC State - SD State - TN State - TX State - UT State - VT State - VA State - WA State - WV State - WI State - WY

Poker Players Alliance Forums » Poker Players Alliance

21. Nick Maiorana
    Member
    Visit User Profile

    Perhaps we got off on the wrong foot. If you want to have an intelligent conversation about DealGuardian, you need to lay off the personal attacks. They may seem humorous to you, but this is a serious matter and I prefer to stick to the topic. Geez, you discuss like a republican :-)

    Question 1:
    We are not providing our code partly because our techniques are proprietary and we would not want to provide our trade secrets. We did not build an Open Source Software Project, so you can understand why we would want to protect our interests. Does this make sense to you?

    Electronic fraud is easy to perpetrate because once it's done (like someone snooping your hold cards), there is no way to prove that it was done. Viewing data does not leave a fingerprint. Our business is protecting players from internal fraud. We stand by what we do. We have no motive to cheat players.

    Question 2:
    Our most desired state is for the servers to be located on our site and managed by our team. We do have a model that uses DealGuardian as an appliance, co-located at the poker room server location. This is not as secure as having us manage the servers completely. Without going into the details of how we do what we do, I will walk you through the process:

    Step 1: Card room requests a new hand and provides the number of players, and how the cards are to be dealt.

    Step 2: We produce a deck, shuffle the deck and begin dealing cards to the players off the top of the deck.

    Step 3: If the cards are to be dealt down, we encrypt them with a key in such a way that only the player's client software can decrypt them.

    Step 4: Return the dealt cards to the poker site so that they can be distributed to the players, the board or any other card holding entity.

    Step 5: (Using Hold'em as an example) If there is to be a flop, the room requests the next 3 cards to be dealt. Same as in step 1, except the only player is the board and the cards are face up (non-encrypted for all to see.)

    Repeat this process until the end of the hand. Once the hand is complete, the poker room requests the results and all the card information is provided in the clear.

    You see, if UB and Absolute Poker had been using our service, there would be no way for the super users or the insider to have knowledge of other player cards or know which cards are coming. There is no other way that I know of that keeps live card data away from all the participating parties. Without this data, internal fraud is prevented.

    How about internal fraud on our site? I can't discuss the technology here, but how we manage the data on our side can not be correlated with active hands at the poker site. We have been through thousands of trials and we feel we have successfully created a service that provided the best online gaming security available.

    Please let me know if I answered your questions.

    Posted 9 months ago #

22. Big Jim Slade v2.0
    Moderator
    Visit User Profile

    Question zero: If you think I have attacked you personally, you have very thin skin and would not survive a real personal attack. Yes, I do find humor in what I type, you are correct there. I will tell you that your apologetics would be far stronger if you did not continually misspell words. So, in a fashion, I am the straight man, you are telling the jokes.

    Apparently I am supposed to believe your unseen technology is correct and without flaws, despite your inability to consistently spell correctly when making your argument.

    Question 1:

    Does this make sense to you?

    No. It makes little sense to me. On the one hand you say your technology is patent pending, and on the other hand you say it is a trade secret. These two are mutually exclusive. For a patent, you have to explain things and document the method. For a trade secret, you have to keep them a secret. I'm confused. Which is it?

    Back to why to show your code...

    In your code, I assume you use Fisher–Yates shuffle. Showing your code would prove that your shuffle is unbiased. It's not patentable, nor a trade secret. A common coding mistake in a Fisher-Yates shuffle is to use random(n) as opposed to random(n+1). A less noticeable mistake would be in the use of the modulus operator when your random number generator is not optimized for "52". For a given corpus of Deal Guardian results, a modulus bias error will only show as a variance a few decimal places out.

    Does your data conform perfectly to a particular pattern of randomness? Or is your variance due to a modulus bias error in your shuffle? And if you have such a bias in your shuffle, what is your response, is it merely acceptable error in your methodology?

    And we haven't even begun to speak of security. Best practices in security are that code is available for review. This has nothing to do with whether this is an open source project or not. Are you saying you don't show your code to the casinos that buy the product from you? Are you selling product? What sort of nitwits are the casinos hiring?

    Question 2:

    Our most desired state is for the servers to be located on our site and managed by our team. We do have a model that uses DealGuardian as an appliance, co-located at the poker room server location.

    Thanks for the answer. Is your crypto symmetric or asymmetric? Which cryptographic method do you use (like DES)? Please tell me about your zero-knowledge system. Are you using one of the cryptographic co-processor cards such as IBM produces? Do you conform to any cryptographic standard such as FIPS 140? Have you been validated by any outside testing service? (I'm not recommending any of these, just giving examples)

    When your server is not located on site, do you use message pooling or onion skin routing? Are you sending you packets to the player in the open or are you using something, like TLS, to tunnel through?

    And in summary for question number two, how is it that the superuser on your "boxen" cannot see the cards?

    Posted 9 months ago #

23. Nick Maiorana
    Member
    Visit User Profile

    We use industry standard technology to develop the security provided by DealGuardian. It is the application of those technologies that we are not willing to disclose to the general public. As far as I know, you are not a major casino considering purchasing our software, yet you would like us to disclose our source code to you. How many software vendors do you know of that are willing to do that?

    It's a shame that your are representing an organization which claims to be centered on the player, yet your statements seem more geared towards the online establishments. We clearly created this product with the player in mind. You however believe the online sites have the player's best interest at heart, and you are satisfied with the status quo.

    Please tell that to the UB and Absolute players that were robbed of their deposits. Pundits just like you told them they were simply bad players and they should learn to be better. (They thought they were being funny as well) But, in the back rooms of these sites were cheaters, consistently hitting their long shots and making honest players go broke. That in my opinion, is not a laughing matter.

    If you honestly believe that a service like DealGuardian is not necessary, then I hope your are right. Right that there is not a "Potripper" somewhere stealing player's cash right now. Right that in the future another scandal is not going to be exposed. Only to have millions of dollars stolen from people just trying to play a fair and honest game.

    Nick Maiorana
    Secure Card Dealer, LLC
    Your Cards, Your Game

    Posted 9 months ago #

24. Big Jim Slade v2.0
    Moderator
    Visit User Profile

    Nick, I am not sure I understand you fully.

    It's a shame that your[sic] are representing an organization...

    Which organization are you suggesting I represent? If you are suggesting I represent the PPA, I fully disclosed that in the second paragraph of this thread.

    I don't represent the PPA in any way, but I was curious about the product.

    You made a claim you were looking for feedback from players - I'm a player. I am in fact an organization member of the League of Evil Geniuses, but we don't take a position on online poker. We only further our attempts of world domination. So I can't imagine why you would bring that up.

    When I created this thread, I promised

    and as for me - I'll scoff in the general direction of the technology

    I've asked you some fair questions about your technology. I've never asked to see your source code. I've never said I wanted to see your source code. Perhaps you are confusing me with someone else. I commented on your telling someone else you would not show your source code.

    I made a short argument on why it would be beneficial to your company to show your source code, or portions of it, to others. Not myself. I asked, or am certainly asking now, if a respected authority had validated your code, methodologies, or implementation for either card bias or security. I've asked if there is any independent oversight on your company or if we are just supposed to trust that everything is fine because you say so?

    Oh, pixiesticks! Can't you just answer a simple question as to whether you use symmetric or asymmetric ciphers? Do you even know the answer?

    Posted 9 months ago #

25. Nick Maiorana
    Member
    Visit User Profile

    You are a moderator for this site, so in a way you do represent the PPA. But since you did mention that you do not represent the PPA in your initial post, you have my apologies.

    Of course I know the answer. I wrote that section of the code. We use both symmetric and asymmetric key encryption for the full compliment of the DealGuardian service. Each encryption process is used more than once, in different areas, to fully secure transactions for each hand dealt.

    Posted 9 months ago #

26. Big Jim Slade v2.0
    Moderator
    Visit User Profile

    Making personal attacks against me based on your incorrect assumptions does not further your cause. Let's see, if you were successful that means DealGuardian is right because Big Jim is wrong. May I suggest you just concentrate on being right?

    As moderator my charter, in part, is to ferret out posters who are really trying to sell stuff rather than discuss the intersection of poker and public policy. In essence, I delete spam. But I don't do it as a representative of the PPA, just as a member of a peer support group board that is run by the PPA. I don't speak for the PPA, though sometimes they do speak for me.

    I'm just a poker player asking normal-ish poker player questions in response to your request for feedback.

    At this point I have ascertained that you do know of the technology DealGuardian uses, but apparently will not describe it in a fashion sufficient for it to be complimented or appreciated.

    You have given me a white box partial use case description. Thank you for educating me that hole cards go face down and board cards go face up. :) I'm sure you realize I wanted a black box description of some sort - anything other than suggesting you obviously knew this would be a personal attack on you.

    Through your silence I have determined that you have no third party who has tested or validated your product. May I suggest a slogan - DealGuardian, it just works, don't ask why!

    I cannot advocate for your product based on what I know of it. If you ever wish to have a serious discussion, please let me know.

    Posted 9 months ago #

27. Michael Lettie
    Member
    Visit User Profile

    Wait a second guys. I just joined the PPA so I'm a little behind the discussions. I have been playing, until just recently, on Absolute Poker for a few years. Before that, I cut my online 'teeth' at UB. Would one of you be kind enough to give me the "Reader's Digest" version about this 'backdoor' scandal that you speak of?

    Posted 9 months ago #

28. TheEngineer
    State Director & Forum Admin
    Visit User Profile

    Nmaiorana,

    I don't see where Big Jim personally attacked you. Quite the contrary, he's allowing you to explain to the forum why poker players would be interested in having sites use your product.

    It's a shame that your are representing an organization which claims to be centered on the player, yet your statements seem more geared towards the online establishments. We clearly created this product with the player in mind. You however believe the online sites have the player's best interest at heart, and you are satisfied with the status quo.

    You're selling a service. You shouldn't be surprised when players ask how it's supposed to work. Attacking the motives of those who do does not reflect well on your company.

    The legislation PPA is supporting addresses the concerns you listed.

    We typically don't permit product promotion on the forum, but we permitted it here to learn more about your service. It looks like it's run its course, so I'm going to lock the thread.

    Posted 9 months ago #

Topic Closed

This topic has been closed to new replies.

Poker Players Alliance Home

Poker Players Alliance Forums is proudly powered by bbPress.