Isn't there a way to set up a server that generates the server seeds and sends them to just-dice, but that doesn't allow those seeds to be read out ahead of time, i.e. before they are sent?
Whoever has access to that server has access to the seeds.
A better solution would be to have a server that does nothing except generate and store seeds, then generate rolls on demand. That would reduce the attack surface - gaining access to the JD server wouldn't give you access to the "roll server". But someone would still have access to the roll server, and hence access to the seeds.
I keep asking whenever it comes up whether anyone can find a way to make the site provably fair for investors. I'd love not to be constantly suspected of cheating (so we can go back to speculating at what point I'm going to steal the cold wallet), but I don't see it happening. If there was no way of me cheating, then presumably there would be no way of anyone else cheating either. Then we could know for sure that nakowa is "just lucky" and get on with waiting for him to crash and burn. So if anyone has any ideas how we can end this nightmare, please do speak up.
Remember, it has to be provably fair. So "use random.org" doesn't cut it. Similarly anything that relies on precise timestamps can be ruled out, I think.
Doog: I mentioned this earlier, maybe it was too stupid to deserve a response but could your software and historical rolls be audited by a trusted third party (such as the one used by pokerstars which gave me this: PokerStars shuffle verified by Cigital, PokerStars submitted extensive information about the PokerStars random number generator (RNG) to Cigital. We asked this trusted resource to perform an in-depth analysis of the randomness of the output of the RNG, and its implementation in the shuffling of the cards on PokerStars) or does that lead to potential exploitation as well?