Someone has a sense of humour
-
Apparently at times the random seed needs regenerating. Someone has a sense of humour.
if (empty($modSettings['rand_seed']) || mt_rand(1, 250) == 69) smf_seed_generator();
I didn't look before, but this brings us to an interesting little ditty. I stopped having a sense of humour once I realised this.
function smf_seed_generator()
{
	global $modSettings;

	// Never existed?
	if (empty($modSettings['rand_seed']))
	{
		$modSettings['rand_seed'] = microtime() * 1000000;
		updateSettings(array('rand_seed' => $modSettings['rand_seed']));
	}

	// Change the seed.
	updateSettings(array('rand_seed' => mt_rand()));
}
Its use is interesting. It's a partial source of entropy for several operations system-wide; the 'reset your password' code is generated using that as part of it, as are some of the one-off-tokens for some actions, and I'm OK with that because there's other stuff but still... there's absolutely no need for the check to see if $modSettings['rand_seed'] is set because the updateSettings call will without fail update it and reseed it with mt_rand() instead of the one based off microtime()... wait what?
Replacing it with fucking mt_rand()?
-
Why not just use 4? It's guaranteed to be random.
-
Yes, yes, it's rolled randomly but still, dafuq is this about.
I have done the correct thing in reporting this bug.
-
Why not just use 4? It's guaranteed to be random.
Why not just use 9? We can never know if it's really random.
-
Just because @ben_lubar does not read xkcd...
-
Just because @Arantor does not read Dilbert...
-
I never said I didn't read Dilbert; I remember the Accounting Trolls from the first time around.
But I did get the feeling you were angling for a whoosh badge.
-
I read both comics as well. I was just making a reference to a different comic than you were, on the same topic.
-
Can we just say that we were all aware of both comics?
-
-
No. You should say 4. Or 9. Because comics that have not been mentioned.
-
Not that inhabits this forum.
-
How should you best randomly decide between 4 and 9? Is this another coding contest for Alex?
-
Do you know how PHP does its PRNG seeding step? If it's up to the programmer, this is terrible.
-
It doesn't matter. Both of the numbers are random.
-
This is not the standard PRNG setup, I guess I should have made that clear. This is for a separate source of entropy that is combined with other stuff later on.
mt_rand() - the recommended PRNG - should be seeded at PHP init time (though was not done so until PHP 4.2 or so)
You can manually seed it but this also seems pointless as the manual for mt_srand points out: "The Mersenne Twister implementation in PHP now uses a new seeding algorithm by Richard Wagner. Identical seeds no longer produce the same sequence of values they did in previous versions. This behavior is not expected to change again, but it is considered unsafe to rely upon it nonetheless."
Which sort of pisses on the point of having a seed function that accepts a seed from the code side in case you intentionally want repeatable behaviour for certain kinds of testing.
-
How should you best randomly decide between 4 and 9? Is this another coding contest for Alex?
That's the thing with deciding between random numbers. You can never be sure.
-
Um, barf. Kill it now. With fire.
MT needs a few thousand invocations before it starts putting out unpredictably "random" numbers. You should not be seeding MT more than once in any application.
PS Why did the box start at the top instead of going where I linked?
-
I don't think you understand what I'm saying. I'm well aware that PHP does its seeding of mt_rand() at the start and that's the only time it should be. However I can envisage times when you might intentionally want to test algorithms with a known set of data that's repeatable without too much code - when you might want to force-seed it.
This particular case that this thread started with is for a very specialist situation where it's used as part of something greater to be a factor that can't be affected directly from outside.
-
Oops, yes, I realized I misunderstood.
But... there's still the problem of seeding the "internal" random number generator. You still need to run a PRNG a few hundred to few thousand times before the results pass the randomness tests. So, unless the smf_seed_generator() method is smart enough to call its internal generator a few hundred/thousand times, and if the seed request happens once every 250 requests, then on average, every random is not.
-
I realised I confused things by pointing out two totally separate things, so I will try to separate them. There is only one problem here and you haven't nailed it.
Firstly, yes, PHP has to seed it itself. It does this itself at initialisation. It has an algorithm that seeds the internal PRNG. And does so to the point where even if you forcibly call the reseeding yourself with mt_srand it still won't give you a repeatable sequence even if you seed it with a constant yourself. I noted that this could be a problem if you wanted code that depended on random numbers but wanted non-random number sequences purely for testing purposes.
Secondly, smf_seed_generator. As I have said several times, this is purely being used as a source of entropy elsewhere, and the fact it is only regenerated 1/250 requests on average is perfectly fine.
Consider the following where it is actually used:
$token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']);
You're taking a value from the current point in the sequence, plus the session id, plus the microtime plus this seed and generating an MD5 out of it. It doesn't have to be perfect, it just has to be sufficiently random for a one-use token because even with the limited keyspace of MD5, you're still dealing with something like 2^40 and for the uses here, it just has to be good enough for that one shot use. You don't get the opportunity to brute force it.
The only actual problem here is that there were two sources of entropy being tapped when only one was needed and the one being used was not really ideal for the task at hand.
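For comparison with the md5() construction quoted in the post above, an added example (not SMF's code and not written by anyone in this thread) of a one-use token drawn from PHP's CSPRNG, so that no application-level seed is needed. issue_token(), redeem_token() and the in-memory $store are hypothetical names; PHP 7 or later is assumed for random_bytes().

```php
<?php
// Added example. issue_token(), redeem_token() and $store are hypothetical;
// a real application would keep $store in its database.

function issue_token(array &$store, string $purpose, int $ttl = 900): string
{
    // 128 bits straight from the operating system's CSPRNG.
    $token = bin2hex(random_bytes(16));

    // Keep only a hash, so a leaked table does not hand out usable tokens.
    $store[hash('sha256', $token)] = [
        'purpose' => $purpose,
        'expires' => time() + $ttl,
    ];
    return $token;
}

function redeem_token(array &$store, string $purpose, string $token): bool
{
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return false;
    }
    $entry = $store[$key];

    // One shot: the entry is removed on the first attempt, valid or not.
    unset($store[$key]);

    return $entry['purpose'] === $purpose && time() <= $entry['expires'];
}

$store = [];
$token = issue_token($store, 'reset-password');

var_dump(redeem_token($store, 'reset-password', $token));  // first use
var_dump(redeem_token($store, 'reset-password', $token));  // replay of the same token
var_dump(redeem_token($store, 'reset-password', str_repeat('0', 32)));  // never issued
```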
-
Which sort of pisses on the point of having a seed function that accepts a seed from the code side in case you intentionally want repeatable behaviour for certain kinds of testing.
Identical seeds no longer produce the same sequence of values they did in previous versions. Not "like they did in previous versions".
-
MT needs a few thousand invocations before it starts putting out unpredictably "random" numbers. You should not be seeding MT more than once in any application.
That's why you usually do the warmup once you seed.
-
How should you best randomly decide between 4 and 9? Is this another coding contest for Alex?
Randomly pick the mode, median, mean or range of them....
-
But... there's still the problem of seeding the "internal" random number generator. You still need to run a PRNG a few hundred to few thousand times before the results pass the randomness tests.
The Wikipedia page mentions this applies for "non-random seeds". Doesn't that mean you can sidestep the problem by initializing the MT with the output of a better PRNG, such as /dev/random?
-
How should you best randomly decide between 4 and 9? Is this another coding contest for Alex?
Put a cat in a box with a vial of poison hooked up to a geiger counter and some uranium. Close the box. Open it again. If the cat's dead, use 4. If not, 9.
-
I keep getting 4. Maybe less uranium?
-
Put a cat in a box with a vial of poison hooked up to a geiger counter and some uranium. Close the box. Open it again. If the cat's dead, use 4. If not, 9.
But what if the cat is gone because it got bored and just up and left?
-
I read both comics as well. I was just making a reference to a different comic than you were, on the same topic, bitch.
FTFY
-
I keep seeing your avatar as a red guy with open mouth leaning in from the left.
-
But what if the cat is gone because it got bored and just up and left?
Check if any of the uranium is missing. Because uranium-laced hairballs are really nasty.
-
Looks vaguely frog-like for a red guy.
-
Put a cat in a box with a vial of poison hooked up to a geiger counter and some uranium. Close the box. Open it again. If the cat's dead, use 4. If not, 9.
My hands keep getting radiation burns.
-
Put a cat in a box with a vial of poison hooked up to a geiger counter and some uranium. Close the box. Open it again. If the cat's dead, use 4. If not, 9.
Also, the cat escaped, but we found him in the server room, none too happy: http://thedailywtf.com/Articles/Schrodingers-Attendee-and-more-Best-of-Emails.aspx
-
mt_rand() - the recommended PRNG - should be seeded at PHP init time
It should also be used with extreme care.
-
I'm familiar with mt_rand's general issues, but things in relation to PHP_INT_MAX are always voodooish.
Anyone who cares about decent randomness will already know about the foibles and likely won't be using PHP anyway.
I did have to demonstrate the foibles of rand vs mt_rand and the fact array_rand seems to use the base of rand as well to my coworkers... They were all about it.
-
It's even more fun thinking the lil' devil speaks german
-
Wait, so if you run mt_rand() with a max argument larger than mt_getrandmax(), it'll generate a number between [0, randmax] and then scale it up, leaving the lower bits at zero? Wow, that's ... pretty fucked up.
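The effect described in this post, reproduced as an added example that is not from the thread. legacy_scale() is a hypothetical helper that models stretching a 31-bit draw over a wider range (its formula is an assumption based on the description above), and low_bit_counts() tallies how often the low bits of the results are set; with the stretched range they stay at zero. 64-bit PHP is assumed.

```php
<?php
// Added example. legacy_scale() and low_bit_counts() are hypothetical helpers,
// not PHP functions. Assumes 64-bit PHP, where integers hold 2**35.

// Model of "draw a value in [0, $tmax], then stretch it over [$min, $max]".
function legacy_scale(int $n, int $min, int $max, int $tmax): int
{
    return $min + (int) (((float) $max - $min + 1.0) * ($n / ($tmax + 1.0)));
}

// For each of the lowest $bits bits, count how many of $samples outputs have it set.
function low_bit_counts(int $max, int $samples, int $bits = 4): array
{
    $tmax   = mt_getrandmax();          // 2^31 - 1
    $counts = array_fill(0, $bits, 0);

    for ($i = 0; $i < $samples; $i++) {
        // mt_rand() with no arguments yields the raw 31-bit draw.
        $v = legacy_scale(mt_rand(), 0, $max, $tmax);
        for ($b = 0; $b < $bits; $b++) {
            $counts[$b] += ($v >> $b) & 1;
        }
    }
    return $counts;
}

$samples = 100000;

// Requested range equals the generator's native range: nothing is stretched.
printf("max = 2^31 - 1: bits 0..3 set %s times out of %d\n",
    implode(', ', low_bit_counts(mt_getrandmax(), $samples)), $samples);

// Requested range is 16 times wider: every output is a 31-bit draw times 16.
printf("max = 2^35 - 1: bits 0..3 set %s times out of %d\n",
    implode(', ', low_bit_counts(2 ** 35 - 1, $samples)), $samples);
```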
-
Isn't this almost the definition of undefined behaviour? Give a function inputs outside of what it can handle and weird things happen. Especially in PHP where everything is oddly inconsistent and 32-bit vs 64-bit has been voodoo crazy for years.
-
the definition of undefined behaviour
is behaviour that is undefined
-
Hence almost.
-
But what if the cat is gone because it got bored and just up and left?
Cats are never bored of sitting in boxes.
-
Cats are never bored of sitting in boxes.
They like sitting on tables too, and sprawling out on a garage roof where they can get some sun while simultaneously keeping an eye on the local bird and squirrel population.
-
I did have to demonstrate the foibles of rand vs mt_rand and the fact array_rand seems to use the base of rand as well to my coworkers... They were all about it.
Haven't they fixed the differences between them?
<?php
// Requires the GD Library
header("Content-type: image/png");
$im = imagecreatetruecolor(512, 512)
    or die("Cannot Initialize new GD image stream");
$white = imagecolorallocate($im, 255, 255, 255);
// One random bit per pixel: white on 1, left black on 0.
for ($y = 0; $y < 512; $y++) {
    for ($x = 0; $x < 512; $x++) {
        if (mt_rand(0, 1) === 1) {
            imagesetpixel($im, $x, $y, $white);
        }
    }
}
imagepng($im);
imagedestroy($im);
?>
rand():
mt_rand():
rand() back in 2009:
-
2009 rand() is bad, but mt_rand and current rand do appear to have some remarkably regular biases
or am i the only one that can see the checkerboard patterns in those first two images?
-
shh, pay no attention to the random behind the curtain!
(The worst thing you can do with superstitious gamers, I've found, is expose to them which random number generator your dice bot uses...)
-
(The worst thing you can do with superstitious gamers, I've found, is expose to them which random number generator your dice bot uses...)
that would be why @sockbot uses random.org. if anyone complains i point them at random.org and tell them to get random.org to fix it.
:-P
-
Yes master Sultanatrix of Swypos; @RaceProUK's queen, I shall appear as summoned.
-
http requests are a to efficient dice-rolling ;)
-
Only if you roll dozens of times each second.