Random Stupidity

« Return to Article
  • yer mom 2008-03-10 10:07
    My two dice must be loaded! I get seven way more often than any other number :o
  • Trevor 2008-03-10 10:07
    So in order to increase the randomness of a number, we independently randomize each digit of a 1-100 digit, decimal, 1-100 digit number?

    I'd hate to see them come up with a number between 1 and 10 with this strategy. Especially since every number they obtain is going to be anywhere from 0 to 10^100.
  • akatherder 2008-03-10 10:13
    Random() returns increasingly randomer numbers the more you call it.
  • Bob 2008-03-10 10:15
    omfg
  • mack 2008-03-10 10:15
    awful.....just plain awful...
  • Erick 2008-03-10 10:17
    If I multiply a random by a random and then build a random string with it, then that must make it more random! What a revelation!
  • Gabriel Kiss 2008-03-10 10:20
    Erick:
    If I multiply a random by a random and then build a random string with it, then that must make it more random! What a revelation!

    yes it more random because you get a RANDOM^2 number!!!11one-eleven... and so on :)
  • DaveK 2008-03-10 10:29
    Trevor:
    So in order to increase the randomness of a number, we independently randomize each digit of a 1-100 digit, decimal, 1-100 digit number?

    I'd hate to see them come up with a number between 1 and 10 with this strategy. Especially since every number they obtain is going to be anywhere from 0 to 10^100.


    Well, since the range is so huge, I would have thought that just taking the result modulo ten should give a sufficiently even distribution; it's not like taking a 7-bit random from 0-127 modulo ten where each of the numbers 0-7 get 'one extra chance' to be picked than the others.

    However looking at their code, I can only assume they'd generate a random number between 1 and 10 by calling the random routine and repeatedly looping until they got one that fell in range.....

    ... that could take a little while.
  • Some Computer Scientist 2008-03-10 10:29
    Knuth devoted an entire section talking about random methods for generating random numbers. It boiled down to this: DON'T

    Random numbers are serious business. In cryptography, a secure random number generator can mean the difference between impossible to crack and trivial to break.

    This code is just an EPIC FAIL in every way.
  • KattMan 2008-03-10 10:31
    I know I can get even more randomer.

    Let rand return a number between 2 and 9.
    Multiply by 9.
    Add the digits of the result together.
    Subtract 5.

    This should be as random as I need to get and as everyone knows, a formula is better than just calling rand().

  • Brian S 2008-03-10 10:31
    The obvious solution would have been to set the random seed to a random value a random number of times before using Math.random to make it more randomer
  • TraumaPony 2008-03-10 10:33
    akatherder:
    Random() returns increasingly randomer numbers the more you call it.

    Actually, depending on the algorithm, the more times you call it, the more predictable it becomes.
  • Anon 2008-03-10 10:48
    To quote Knuth:

    "Random numbers should not be generated with a method chosen at random."
  • shadowman 2008-03-10 10:54
    Trevor:
    I'd hate to see them come up with a number between 1 and 10 with this strategy. Especially since every number they obtain is going to be anywhere from 0 to 10^100.


    Well I suppose they could do answer % 10 + 1, but I'm sure they have a much more convoluted function that does the same thing.
  • gblues 2008-03-10 10:58
    Irish I were drunk too. Rowr.
  • A Nonny Mouse 2008-03-10 10:59
    Brian S:
    The obvious solution would have been to set the random seed to a random value a random number of times before using Math.random to make it more randomer


    the more i read this sentence, the less "random" looks like a proper word..
  • Colin 2008-03-10 11:03
    private int getRandomOverflowException() {
    return (int) ((Math.random() * 100) * Math.random());
    }
  • MAV 2008-03-10 11:09
    Wonder what they're doing that needs super-extra-ultra random numbers?
  • MAV 2008-03-10 11:10
    just remember. random * random = ultra-random
  • RobIII 2008-03-10 11:11
    TraumaPony:
    akatherder:
    Random() returns increasingly randomer numbers the more you call it.

    Actually, depending on the algorithm, the more times you call it, the more predictable it becomes.


    You have *GOT* to be kidding me! Where's your sarcasm detector?

    DUDE...
  • John the incredible 2008-03-10 11:11
    Prime numbers are too predictable... Let's make sure we get less of those.
  • Geezer coder 2008-03-10 11:12

    "Wonder what they're doing that needs super-extra-ultra random numbers? "

    They are getting paid by the line of code developed.
  • Patrick 2008-03-10 11:13


    with apologies to xkcd.
  • N 2008-03-10 11:15
    I get that impression with a lot of the WTFs presented here.
  • Recycled contractor 2008-03-10 11:15
    Why not just return '1' every time?

    After all, it's theoretically possible that your perfectly-random die rolls repeated 1's. And your callers wouldn't know any different, unless they kept a history (which most don't)

    ;-)
  • Xandax 2008-03-10 11:23
    Still use Dilberts Random Number Generator:

    Nine, Nine, Nine, Nine, Nine, Nine, Nine, Nine.
  • bramster 2008-03-10 11:50
    I like to sort my random numbers.
  • Nerf Herder 2008-03-10 11:53
    KattMan:
    I know I can get even more randomer.

    Let rand return a number between 2 and 9.
    Multiply by 9.
    Add the digits of the result together.
    Subtract 5.

    This should be as random as I need to get and as everyone knows, a formula is better than just calling rand().



    OMGZ that totally equals my birthday! It really DOES work!

    Now forward this to 20 friends or u'll have bad luck. LOLZ.
  • APH 2008-03-10 11:54
    gblues:
    Irish I were drunk too. Rowr.

    Irish she were drunk too. Rowr.

    There, fixed that for ya.
  • my name is missing 2008-03-10 11:59
    perhaps it was written by a random code generator
  • grg 2008-03-10 11:59
    actachally, taking n sequential samples from a random number generator, you may end up with a less-random number.
  • Raedwald 2008-03-10 12:07
    A little bit of knowledge is a dangerous thing.
  • Brandon 2008-03-10 12:12
    they should call those guys HD Random Numbers...for "High Degree" of Randomness. The degree increases as you multiply by more random numbers!
  • Grammar Nazi 2008-03-10 12:16
    Apostrophe's and they're use's.
  • Richard 2008-03-10 12:26
    int getRandomNumber()
    {
    int ret;
    printf("Please throw the dice that you will find under your chair and enter the result");
    scanf("%d",&ret);
    return ret;
    }
  • yer mom 2008-03-10 12:34
    /**
    
    * We all know that random number generators aren't truly random.
    * This function generates random numbers a bit more randomly by using a hardware source.
    */
    int random() {
    FILE* fp;
    char count;
    float final = 0;
    char i;

    fp = fopen("/dev/null", "r"); /* open hardware source */
    count = fgetc(fp); /* more randomly */
    for (i = 0; i < count; i++) {
    final *= ((float)fgetc(fp)) / 255.0;
    };
    };
  • kw 2008-03-10 12:38
    So, there is a 1 in 100 chance that the value left of the '.' is 0, and there is a 1 in 100 chance that the value left of the '.' will range between 1*10^100 to 9.999...*10^10 ?

    Does true randomness typically lean towards smaller values?
  • Random832 2008-03-10 12:43

    int getRandomNumber() {
    return 4; // chosen by fair dice roll, guaranteed to be random.
    }
  • me 2008-03-10 12:45
    I particularly like it how standard generators are not good enough for this "programmer" (despite using them...), but it's OK to have getRandomDigit() heavily biased against returning '9' :-)
  • RobertB 2008-03-10 12:56
    The most random thing about the code is that it's nicely obfuscated. But I think this is what's going on -- forgive me for being obvious, but I really want to know what it does so I never, EVER do it myself.

    * getRandomDigit does a pretty reliable job of returning one of the ten strings '0' through '9'... I think.

    * getRandomNumberOfDigits generates a number between 0 and 100, then multiplies it by a number between 0 and 1, generating a significantly less random number between 0 and 100. It converts it to an integer, so the number will probably be between 0 and 99. Converting to integer already does a pretty good job of de-randomizing the number, so the multiplication really just wastes clock cycles.

    * getRandomDigitString calls getRandomNumberOfDigits to see how many numbers should be in the string. However, getRandomNumberOfDigits could return zero. So it discards 1% of its randomness and equates "zero digits" to "one digit", with that digit being "0". Maybe it only eliminated 0.1% of the randomness.

    * Finally, take a nearly-random string of 1-99 numbers (with a greater than 1% chance that the string is "0"), add a decimal, add another nearly-random string of 1-99 numbers (again, good odds that the string is "0"), and cram it into a Double.

    This is about as good a WTF as you can get. The function works without error, doing exactly what it was programmed to do, but the world would be a better place if it would just throw a "YOU CAN'T BE SERIOUS" error and die.
  • KT 2008-03-10 13:09
    Richard:
    int getRandomNumber()
    {
    int ret;
    printf("Please throw the dice that you will find under your chair and enter the result");
    scanf("%d",&ret);
    return ret;
    }


    fprintf(stderr, "DICE_NOT_FOUND");
  • IV 2008-03-10 13:10
    I think a name change for the site is in order. I suggest the Daily What In Tarnation (WIT). Maybe if "wit" were explicitly in the title people would be more inclined to recognize it.

    Captcha: caecus
  • Maybe Anon 2008-03-10 13:11
    It's also final so that people can't subclass it and change his logic...

    This is a ordered version of 20 runs, note how it goes from very very small, to very very big, very very quickly. Very very.

    The numbers look about the same with thousands of runs, very small then very big. I saw a few plain "0"s too.


    0.5215661175298943
    4.134056449938214
    6.0
    87.0
    5785.430245466055
    7595.48417053833
    110939.37712878542
    488733.77795
    5.352956622495464E10
    9.462390630556685E10
    1.2070032004517574E13
    5.2092107513286E13
    9.157946886121803E13
    2.9497107991280284E25
    1.834136407474311E32
    1.7446213245558947E41
    8.45034288762292E43
    6.632080987216593E58
    8.500084477175984E67
    2.1875718001884665E72
  • sweavo 2008-03-10 13:37
    There ya go, very small and very big. How random do you want?

    It's interesting to note though, that not only do the numbers themselves vary, but so does their randomness.
  • sweavo 2008-03-10 13:45
    I asked my brian to plot a distribution curve of this, and it asplode.

    Assuming math.random is evenly distributed between 0.0 <= x < 1.0

    then number of digits is going to peak around 25 in't it?

    so then your distribution of actual values is some freaky integral of an exponential.
  • snoofle 2008-03-10 13:45
    RobertB:
    The most random thing about the code is that it's nicely obfuscated. But I think this is what's going on -- forgive me for being obvious, but I really want to know what it does so I never, EVER do it myself.

    * getRandomDigit does a pretty reliable job of returning one of the ten strings '0' through '9'... I think.

    * getRandomNumberOfDigits generates a number between 0 and 100, then multiplies it by a number between 0 and 1, generating a significantly less random number between 0 and 100. It converts it to an integer, so the number will probably be between 0 and 99. Converting to integer already does a pretty good job of de-randomizing the number, so the multiplication really just wastes clock cycles.

    * getRandomDigitString calls getRandomNumberOfDigits to see how many numbers should be in the string. However, getRandomNumberOfDigits could return zero. So it discards 1% of its randomness and equates "zero digits" to "one digit", with that digit being "0". Maybe it only eliminated 0.1% of the randomness.

    * Finally, take a nearly-random string of 1-99 numbers (with a greater than 1% chance that the string is "0"), add a decimal, add another nearly-random string of 1-99 numbers (again, good odds that the string is "0"), and cram it into a Double.

    This is about as good a WTF as you can get. The function works without error, doing exactly what it was programmed to do, but the world would be a better place if it would just throw a "YOU CAN'T BE SERIOUS" error and die.

    Hi there - OP here. I can't believe nobody mentioned that no routine that depends upon a random number generator can ever really be any more random than the underlying generator being used. In other words, assuming that the routine is implemented perfectly (as many have pointed out, it's not), it can never be any more random than: Math.random()
  • Derek 2008-03-10 13:46
    KattMan:
    I know I can get even more randomer.

    Let rand return a number between 2 and 9.
    Multiply by 9.
    Add the digits of the result together.
    Subtract 5.

    This should be as random as I need to get and as everyone knows, a formula is better than just calling rand().



    that always equals 4. Why not just use xkcd's version, it's less wordy, but has the same result.
  • tchize 2008-03-10 13:49
    Richard:
    int getRandomNumber()
    {
    int ret;
    printf("Please throw the dice that you will find under your chair and enter the result");
    scanf("%d",&ret);
    return ret;
    }


    Hey, I DID that. Didn't know random number existed, was using pascal, was years ago, one of my very first programs. You feel ashame when you discover there exist a random() function :/

    At least it wasn't professional :D
  • Nerf Herder 2008-03-10 13:49
    Derek:
    KattMan:
    I know I can get even more randomer.

    Let rand return a number between 2 and 9.
    Multiply by 9.
    Add the digits of the result together.
    Subtract 5.

    This should be as random as I need to get and as everyone knows, a formula is better than just calling rand().



    that always equals 4. Why not just use xkcd's version, it's less wordy, but has the same result.


    I think it was sarcastic.
  • Felix 2008-03-10 13:50
    This is what I would do:

    int counter = -1;
    public int getRandomInt() {
    counter++;
    switch (counter) {
    case 0:
    return 4;
    case 1:
    return 2;
    case 2:
    return 5;
    case 3:
    return 4;
    //and so on
    default:
    //this can't happen anyway....
    throw new SomeException();
    }
    }

    You just need to do a proper sizing on project start and some cheap labor to roll dice. You could even sell updates to your software supplying new randomness!
  • Matthew 2008-03-10 14:02
    int getRandomNumber()
    {
    return "moo";
    }
  • Jeremy 2008-03-10 14:03
    So some tests on this code. (converted to php)
    Average length from getRandomNumberOfDigits: 37
    Execution time for 1000 iterations: .3 seconds

    And just using rand(0, rand(0, 100))
    Average length: 50
    Execution time for 1000 iterations: .009 seconds

    On top of that I seriously doubt they actually use a 10^rand(0, 100) number, but rather trim it...


    Epic Fail!
  • Ted from Accounting 2008-03-10 14:07
  • KattMan 2008-03-10 14:12
    Derek:
    KattMan:
    I know I can get even more randomer.

    Let rand return a number between 2 and 9.
    Multiply by 9.
    Add the digits of the result together.
    Subtract 5.

    This should be as random as I need to get and as everyone knows, a formula is better than just calling rand().



    that always equals 4. Why not just use xkcd's version, it's less wordy, but has the same result.


    Because xkcd's isn't a formula, mine has to be better!
  • max 2008-03-10 14:14
    yer mom:
    My two dice must be loaded! I get seven way more often than any other number :o


    This is actually way more insightful than most people might know. The Math.random() method already generates the maximum amount of entropy in its output that it can (entropy you can think of as being a measure of randomness). By distilling a sequence of random numbers into digits, you are reducing the possible outputs from billions and billions to ten. You're reducing the ideal entropy of the function (just looking purely at the output size), so necessarily the actual entropy cannot be any greater than that (think of it sorta like the laws of thermodynamics but with bits).

    So... in short... I REALLY hope that the comment at the top about making Math.random() more random isn't what they actually thought, because the output of this function is way less random than Math.random().

    Truly, the real wtf is that they already knew about Math.random() and didn't use it. If you're doing something crypto-wise you should just use one of the well-established crypto methods like blum-blum-shubb.

    Sorry about the super verbose comment. As a crypto programmer, I just thought I'd weigh in.

    Cheers!
    - max
  • DropDeadThread 2008-03-10 14:14
    Irish I were drunk too. Rowr.

    random_comment()
  • Tony 2008-03-10 14:15
    Obviously the numbers will be even more random if you randomize the digit array first. For example:
     ... digits = { '5','9','2','1','8','4','7','3','0','6' };

  • Mike 2008-03-10 14:20
    Reminds me of this XKCD snippet:
    http://xkcd.com/221/
  • JDM 2008-03-10 14:34
    MAV:
    Wonder what they're doing that needs super-extra-ultra random numbers?


    Generating unique IDs, obviously :D
  • aHa 2008-03-10 14:37
    lolz... going by the comments, the readers of this site dont always understand the WTFs
  • zip 2008-03-10 14:40
    Mike:
    Reminds me of this XKCD snippet:
    http://xkcd.com/221/


    Wow, I can't believe no one posted that before you.

    Oh wait like 3 people did.
  • tchize 2008-03-10 14:48
    Playing with the density of values when it comes to 500000 run of that super function gives nice results.
    Here is the density curve:


    Now a slight zoom around zero, see the nice curious peaks? Well at least the got a somehow fractal function. smaller peaks are around big peaks, with smaller peaks around them, etc. A shame it stops after 100 iterations :D. Wait, it's exactly the maximum number of digits :p!


    That sure is so much better than what you get out of Math.random(), isn't it? That variations in the density is probably so bad (probably due to my naive way of calculating it, which is perfectly correct for non random generator using 100 digits in string :p!


    The calculation code, for the fun :D (Yes, i know it's a wtf, the randomizer deserves it!)
            int MAX = 500000;
    
    double[] datas = new double[MAX];
    Randomizer rnd = new Randomizer();
    for (int i=0; i < MAX; i++){
    datas[i]=rnd.random();
    }
    java.util.Arrays.sort(datas);
    for (int i=0; i< MAX;){
    int j = i;
    while (j<MAX && (datas[j]==datas[i] || (j-i)<50)) //arbitrary defined precision, minium elements to calculate a density
    j++;
    if (j>=MAX || (datas[j]==datas[i]))
    break;
    int count = j-i+1;
    double mean = 0.0;
    for (j=i;j<i+count;j++)
    mean+=datas[j];
    mean/=count;
    double density = count/(datas[i+count-1]-datas[i])/MAX;
    System.out.println(i+"\t"+mean+"\t"+density);
    i+=count;
    }
  • CTS 2008-03-10 14:50
    On many systems this isn't true. Salting the RNG is a better idea, and most systems do have that function.
  • Foo 2008-03-10 15:15
    Maybe digits change somehow on different machines, locations, times (like air pressure in different locations) or other unknown dimensions. So it might make sense to keep the set of numbers as characters. Thanks, that one made my day! ;)
  • Yuyo 2008-03-10 15:20
    Maybe a disclaimer, "This is also extremely slow and idiotic," would make it a little better for those who use the class and just have the javadoc available.
  • ParkinT 2008-03-10 15:30
    It would have been easier to simply return the number of "The real WTF.." comments on TheDailyWTF for the day.
  • Erik 2008-03-10 15:34
    Those plots generated by this wonderful function remind me a bit of an old CD Walkman I had. It was an MP3 model, one of the first, and it cost me quite a bit at the time. I would have approximately 120 songs to a CD, and they were typically albums, so 10 folders of about 12 songs each. When this was the case, the shuffle feature seemed to work just fine, but I discovered something sort of weird about it later. I had a CD with about 100 tracks, but one folder only had about 5 and the other the remaining 95.

    Those 5 tracks played WAY more often than they ought to, and I realized that the damn thing was randomly selecting a folder THEN randomly selecting a track. Those 5 songs then had a 50% chance of being played vs. the other 95! I'd have a 10% chance of hearing one of the first folder's songs, and a just-over 0.5% chance of hearing the other 95!

    All I can say is... good job Sony!
  • Kivi 2008-03-10 15:57
    tchize:
    Playing with the density of values when it comes to 500000 run of that super function gives nice results.
    (density curves and calculation code omitted)


    tchize, this is fabulous.
  • tchize 2008-03-10 16:04
    Kivi:
    tchize:
    Playing with the density of values when it comes to 500000 run of that super function gives nice results.
    (density curves and calculation code omitted)


    tchize, this is fabulous.

    Ironically, I hope :D
  • real_aardvark 2008-03-10 16:17
    On first reading this, I thought "salt!" (Amongst several other four-letter words.)

    There is a certain beauty in it, however, and for once on TDWTF it has very little to do with the code. Read the comments:

    /**
    * We all know that random number generators aren't truly random.
    * This class generates random numbers a bit more randomly.
    */
    C-style comment, proposing a lemma that is (in practice) indefensible; followed by an indefensible conclusion.

    // Allow this to be instantiated in parallel in multiple threads
    C++-style comment, ignoring the obvious distinction between "instantiated" and "used." Putting my cone-head hat on, I might want to question why there's no "serialize" here.

    Putting my OMFGWTF hat on, I'm no longer sure that I care.
  • Jake Cohen 2008-03-10 17:17
    The problem with most RNGs is that they are based on a mathematical formula.

    In a truly random number generator, the probability of any number being returned is exactly the same as the probability of any other number being returned, every time it is invoked.

    For a pseudo-RNG based on mathematical transformation of the previous value, the probability is skewed because they simply won't return the same value twice in a row. This means that given prng(N) = k, the probability that prng(N+1) = k is zero, which is against the definition of being truly random.

    Using atmospheric noise (hardware-based) is probably as close as you can get to truly random, but even that doesn't necessarily create a perfectly even distribution of probability across all its possible values. It just makes it non-deterministic in terms of the state of the software using it.
  • Steve 2008-03-10 17:24
    For the first time in a long time, I uttered an audible "WTF" when reading that code.

    Of course, that's the whole idea here, isn't it?
  • Babs 2008-03-10 17:44
    Oh, I dunno, wasting time and billing hours to the clods who outsourced the work to them in the first place?
  • vvv 2008-03-10 17:46
    a brilliant logic really - to guess the number one would need
    to guess a number of times to guess a number. Too bad that
    logic can't replace common sense and good education, ie. one that at least includes math.
  • Robin Goodfellow 2008-03-10 17:59
    The WTF here is that this code is actually way less random than even a poor random number generator. Consider that in any given range of numbers up to X digits long there are far more numbers of higher digits than there are of lower digits. For example, there are only 10 1-digit numbers, but there are 90 2-digit numbers. This algorithm, however, gives equal probability to producing numbers of any given length up to the maximum number of digits. Meaning there is an equal chance of producing a 1-digit number as there is of producing a 10-digit number. Which is not ideal. If this algorithm were actually used in a high security environment it would represent a severe vulnerability.
  • letatio 2008-03-10 18:23
    Noooo!!!! Somone leaked my RSA hash random function!!!! ahhhhhhhhhhhhhhhhhhhhhhhhhhh
  • Phantom Watson 2008-03-10 18:24
    "in it's entirety"? Tsk, tsk.
  • tin 2008-03-10 18:43
    Erik:
    <snip stuff about lack of randomness on Sony CD player> All I can say is... good job Sony!


    Well, at least that explains the root-kit thing.... Sort of.
  • tin 2008-03-10 18:44
    MAV:
    Wonder what they're doing that needs super-extra-ultra random numbers?


    Super extra ultra random security algorithms of course.
  • AdT 2008-03-10 18:50
    This code is not so bad. It could be improved, of course. For one, the number of decimal points should be randomized as well. One is so very predictable.

    Second, it should throw random exceptions with randomized lorem ipsum error messages to throw off malicious callers.

    Third, the number system should be randomized, using a random alphabet and a random parse function instead of Double.parseDouble. This parse function should pretend to parse the input, but may randomly return something else entirely, like the above mentioned 999999. The caller can never be sure what's actually returned. You cannot be too paranoid after all.

    And now for something completely different...

    Melchett: Now, Field Marshal Haig has formulated a brilliant tactical plan to ensure final victory in the field

    Blackadder: Would this brilliant plan involve us climbing over the top of our trenches and walking, very slowly towards the enemy?

    Darling: How did you know that Blackadder? It's classified information

    Blackadder: It's the same plan we used last time, and the seventeen times before that

    Melchett: E-e-exactly! And that is what is so brilliant about it. It will catch the watchful Hun totally off guard. Doing exactly what we've done eighteen times before will be the last thing they expect us to do this time.
  • China 2008-03-10 19:03
    Saw this in a C++ cookbook once:
    1) generate lots of random numbers (e.g. 1000)
    2) put those random numbers into an array
    3) when you need a random number
    3.1) generate a random number in the range 0-array.size
    3.2) use the number in the array as your random number, scaling as necessary
    3.3) generate a new random number for that place in the array

    Use the same singleton random number generator for all steps - takes advantage of 'random number generators get more random over time'.

    Discuss.
  • Not very random at all 2008-03-10 19:11
    Jukebox in a pub played the least-played tracks when nobody put any money in - sort of a punishment for not enriching the jukebox company. Those were the 3 most played songs on the machine.
  • Some guy 2008-03-10 19:15
    A secondary WTF is inefficient object/memory usage. Why isn't he passing the StringBuilder object to the private methods?!
  • dusoft 2008-03-10 19:49
    that's randomly secret.
  • wtfpimp 2008-03-10 21:21
    Haha... the best part is where they go (rand * 100) * rand thereby totally ruining an equal distribution. Fools!
  • James 2008-03-10 22:27
    Way back, many years ago, a friend of mine in college was stumped on a multiple choice test. So, he pulled out his dice bag, snagged a d4, and randomly answered some questions.
  • Cris 2008-03-11 00:37
    Have they heard of /dev/urandom?
  • Richard Neill 2008-03-11 01:09
    Well, it does do at least 2 slightly "useful" things:

    (1)It doesn't actually do any real harm by discarding entropy.

    (2)It changes the distribution from which the random numbers are drawn, from linear to (truncated) logarithmic.
  • iMalc 2008-03-11 01:39
    Truly astounding!

    Quadratic distribution of the number of digits??? Where do people come up with this stuff...
  • iMalc 2008-03-11 01:48
    Richard Neill:
    Well, it does do at least 2 slightly "useful" things:

    (1)It doesn't actually do any real harm by discarding entropy.

    (2)It changes the distribution from which the random numbers are drawn, from linear to (truncated) logarithmic.
    Wrong. It does harm by shortening the length of the period until repetition of the pseudo random number sequence.
  • Bozo 2008-03-11 02:07
    Shes friggin hot eh

    (don't tell my gf i just said that)

    :]
  • Bozo 2008-03-11 02:07
    Bozo:
    Shes friggin hot eh

    (don't tell my gf i just said that)

    :]



    the irish i were drunk chick i mean ;]
  • Raw 2008-03-11 03:24
    Hi there - OP here. I can't believe nobody mentioned that no routine that depends upon a random number generator can ever really be any more random than the underlying generator being used. In other words, assuming that the routine is implemented perfectly (as many have pointed out, it's not), it can never be any more random than: Math.random()


    Actually, it can, and this algorithm actually does it, in a extremely backwards way.

    What am I talking about?

    Well, most random number generators I've seen in various languages have a limited resolution. Just because they generate a random number with a bunch of decimals does not mean that they are able to generate every number in that interval. Sure, if you are just goint to scale it up to 1-100, it's no problem, but once you try to scale it up to, say 1-1000 000, you'll notice that, no matter how long you run them, some results will never, ever show up. In some cases, it's even noticable in a scale of 1-10 000 or less.

    OK, I admit, I've not tried it to the point of "never ever", but close enough. In most cases, you can even see patterns where these "holes" are going to appear. For instance, in some archaic version of C, getting random X and Y coordinates and plotting them on a white screen as black pixels generated a black screen with thin white stripes going diagonally down the screen.

    If you need such a resolution, another algorithm is needed. One variant is the one used here, to piece it together from random digits, as that only relies on having a resolution capable of handling ten cases.

    Another, variant, which is faster and simpler, but not guaranteed to be perfect, is to add a bunch of random numbers and wrap if they overflow. This can be made less likely to have holes by adding gradually smaller numbers, thus using the sufficient resolution of a smaller span to plug the holes. This algorith still can't guarantee an even distribution of all results, but at least all results are likely to appear in the resulting data set if run long enough.

    In other words, the thought behind the code in this WTF is sound, but the implementation of it is effed up.
  • Tiran Kenja 2008-03-11 03:57
    Hmm.

    I suppose java.security.SecureRandom wasn't random enough either.

    Maybe it's time to build an external USB random generator. I'm thinking something that actually throws a dice and reads the output ;) Anyone who REALLY wants random numbers would have to get one.
  • N Morrison 2008-03-11 04:00
    The greatest WTF in this is that the code author doesn't know that attempts to create more random numbers almost always result in numbers that are less random - unless you are Knuth. Similarly, attempts by the untrained to write sort routines usually result in a bad bubble sort.
  • Jos 2008-03-11 05:26
    I know how to make this *really* random! Let a 2 year old (or similar, like a monkey wih darts) shuffle the array with digits! Now THAT would really achieve randomness...
  • DOA 2008-03-11 06:07
    I'm tired of these novice approaches to random number generation. Here's how you do it:

    1) get a (pseudo)random number.
    2) Multiply by the number of degrees of the angle that Venus , Hermes and Earth form at that moment. Needless to say we're talking about the angle at the Earth node of the triangle.
    3) Subtract the the number of geese presently in flight in your country's air space.
    4) Add the number of milliliters of gas present in Bill Gates' lower intestine.
    5) Divide by the distance from your PC (front left-hand corner of case) to Neil Armstrong's footprint on the moon (toes). Distance to be measured in number of Hindenberg zeppelin lengths (pre-crash).
    6) Add the chances of you marrying a supermodel.
    7) Multiply by the number of Google hits for the word "Nazi".
    8) Random number!!

    Amateurs...
  • Anonymous 2008-03-11 06:31
    bramster:
    I like to sort my random numbers.

    And don't forget to use the "random sort" algorithm:


    void sort(List numbers) {
    do shuffle(numbers);
    while (!sorted(numbers));
    }

    void shuffle(List numbers) {
    // typical algorithm to shuffle the list of numbers,
    // calling rand() to make it result random
    }

    boolean sorted(List numbers) {
    // check if the list of numbers is in sorted order;
    // if so, return true; else return false
    }


    :D
  • Anonymous 2008-03-11 06:37
    yer mom:
    /**
    
    * We all know that random number generators aren't truly random.
    * This function generates random numbers a bit more randomly by using a hardware source.
    */
    int random() {
    FILE* fp;
    char count;
    float final = 0;

    Well... leaving out the =0 part would make the result more arbitrary (but not more random)...

    yer mom:

    char i;

    fp = fopen("/dev/null", "r"); /* open hardware source */
    count = fgetc(fp); /* more randomly */
    for (i = 0; i < count; i++) {
    final *= ((float)fgetc(fp)) / 255.0;
    };
    };


    Um... with a compiler that doen't warn you against missing return statements, you'll get quite arbitrary (but not random) return values from this function.

  • Anonymous 2008-03-11 06:39
    kw:
    So, there is a 1 in 100 chance that the value left of the '.' is 0, and there is a 1 in 100 chance that the value left of the '.' will range between 1*10^100 to 9.999...*10^10 ?

    Does true randomness typically lean towards smaller values?


    But random =/=> uniform distribution!

    What do you mean "true randomness"? Guassian noise (as you would get with any physical measurement) is not "true randomness"?
  • Cope with IT 2008-03-11 06:41
    Erik:
    All I can say is... good job Sony!
    It's a trick, it's not a Sony...
  • Anonymous 2008-03-11 06:51
    snoofle:

    Hi there - OP here. I can't believe nobody mentioned that

    Because what you say below is wrong:

    snoofle:
    no routine
    that depends upon a random number generator can ever really be any
    more random than the underlying generator being used. In other words,
    assuming that the routine is implemented perfectly (as many have
    pointed out, it's not), it can never be any more random than:
    Math.random()


    What do you mean by "more random"? Is Gaussian distribution or Poisson distribution "less random" than uniform distribution? Why? By what measures?


    N.B. For simulations, I've written code (well... adopting/copying from pseudocode of pretty standard and known to be correct and fast algorithms) that generates random numbers with Gaussian distribution and Poisson distribution (as well as others). This is a very typical use of non-uniformly distributed random numbers. These algorithms use a uniformly distributed random number generator as a source. So, the quality of the generated numbers is delegated to quality of the source generator, and pretty good ones can be found. (On Linux, this can be based on /dev/random -- a true source of randomness.) Are you saying that an exponentially distributed random number generated algorithmically from a uniformly distributed random number source (of high quality) is "not very random"?

  • Thief^ 2008-03-11 06:52
    Raw:
    Hi there - OP here. I can't believe nobody mentioned that no routine that depends upon a random number generator can ever really be any more random than the underlying generator being used. In other words, assuming that the routine is implemented perfectly (as many have pointed out, it's not), it can never be any more random than: Math.random()


    Actually, it can, and this algorithm actually does it, in a extremely backwards way.

    No, it won't be more random, because the source generator generates a specific sequence of numbers, and using successive calls to build one number guarantees that parts of the number are based on other parts.

    Not to mention that calling random so many times in a row for every random number you produce massively shortens the time until repetition.

    Putting these together means that even if implemented optimally, doing this is just a tradeoff between length of random number and the "randomness" of the number.

    If you want random numbers from -inf to +inf, better to just use a random generator that outputs 64 bits of random and reinterpret it as a double (handling NaNs etc as necessary).
  • NeoMojo 2008-03-11 06:55
    You want blazing inefficiency? Try this if you want random numbers on a website(it just popped into my head):

    Create a table in a database with only one column and make it an integer. Set the value of the first row to 0.

    For each person who enters you website and needs a random number take the value of that row and assign it to them and then increase the value by 1. Once it reaches the maximum value reset it to 0.

    Obviously if you want to get a number in the range 0->X then divide the value in the row by the maximum value and multiply by X.

    Ultra Random!
  • mrbungle 2008-03-11 07:15
    I remember with pretty good privacy, to generate a private key, you were given the option of mashing the keyboard to create a random number. If I recall correctly, it used the milliseconds(modulo some number < human reaction time) to seed a random number generator.

    I can recall that a few cracks came out for rsa, because it was possible to reduce the search number space by a few orders of magnitude by exploiting limitations in random number generators of the machine that made the private key.
    This is why pgp implemented this random number generator.
    For typical statistical and engineering programming, though, I think the standard random functions would be fine.
  • TraumaPony 2008-03-11 08:29
    RobIII:
    TraumaPony:
    akatherder:
    Random() returns increasingly randomer numbers the more you call it.

    Actually, depending on the algorithm, the more times you call it, the more predictable it becomes.


    You have *GOT* to be kidding me! Where's your sarcasm detector?

    DUDE...


    It went to sleep four hours before I posted.
  • Dave 2008-03-11 08:35
    You pay peanuts, you get monkeys - sometimes literally.

    They are cheap, right?

  • SozzlyJoe 2008-03-11 09:33
    You want blazing inefficiency? Try this if you want random numbers on a website(it just popped into my head):

    Create a table in a database with only one column and make it an integer. Set the value of the first row to 0.

    For each person who enters you website and needs a random number take the value of that row and assign it to them and then increase the value by 1


    I think that's what we call a "page counter"
  • Kanzi 2008-03-11 09:52
    I think they should just use my 4dc5 sequence:

    http://dudegalea.co.uk/articles/4dc5.html

    which is clearly random by definition, and therefore brillant. :-)
  • SCB 2008-03-11 10:44
    Anonymous:
    bramster:
    I like to sort my random numbers.

    And don't forget to use the "random sort" algorithm:


    void sort(List numbers) {
    do shuffle(numbers);
    while (!sorted(numbers));
    }

    void shuffle(List numbers) {
    // typical algorithm to shuffle the list of numbers,
    // calling rand() to make it result random
    }

    boolean sorted(List numbers) {
    // check if the list of numbers is in sorted order;
    // if so, return true; else return false
    }


    :D

    http://en.wikipedia.org/wiki/Bogosort
  • Dhericean 2008-03-11 11:15
    Thief^:
    Not to mention that calling random so many times in a row for every random number you produce massively shortens the time until repetition.


    Of course if they are worried about repetition then simply implement a RNG that has a larger period. I would recomment the Mersenne Twister MT19937(http://en.wikipedia.org/wiki/Mersenne_twister) with its period of 2^19937 - 1. Then they could generate as many of these dooper-random numbers without repetition (at least in this universal lifetime).

    The code for implementation is available in a number of different languages. Not cryptographically secure in its basic form, but ideal for large sample monte carlo simulation type uses.

    This comment brought to you by the society to ruin the joke by being serious ;)
  • Pepe 2008-03-11 12:23
    And just in case it isn't enough to compound Random(), re-entrancy issues will probably introduce their own unpredictability in this...
  • NeoMojo 2008-03-11 12:33
    SozzlyJoe:
    You want blazing inefficiency? Try this if you want random numbers on a website(it just popped into my head):

    Create a table in a database with only one column and make it an integer. Set the value of the first row to 0.

    For each person who enters you website and needs a random number take the value of that row and assign it to them and then increase the value by 1


    I think that's what we call a "page counter"


    Not after I send my application off to the USPTO!
  • ap 2008-03-11 14:00
    In case anyone missed it, the major wtf here is that the distribution represented by this class is NOT the uniform distribution (which most people expect -- be as likely to return "1" as "100001"). In particular, shorter numbers are more likely to occur than longer ones (because the length is chosen from a uniform distribution and then each digit is chosen independently from a uniform distribution).

    While the programming isn't stellar, the real problem here is the author's complete and utter misunderstanding of "randomness". Hopefully they're not doing anything dependent on good random numbers!
  • Max 2008-03-11 16:18
    Lollollollollllloooll
    If they aren't random then why use them?
  • Guru 2008-03-11 18:01
    This does not change the randomness but the probability density function. If Math.random() is uniformly distributed, this function returns logarithmic distributed random values (which is probably not intended by the author).
  • vidar712 2008-03-11 21:11
    Why don't they just do this?

    int Random()
    {
    Return Random();
    }
  • Anonymous 2008-03-11 21:49
    vidar712:
    Why don't they just do this?

    int Random()
    {
    Return Random();
    }

    B'cos it doesn't compile! :)
  • AC 2008-03-11 23:52
    DaveK:
    Well, since the range is so huge, I would have thought that just taking the result modulo ten should give a sufficiently even distribution; it's not like taking a 7-bit random from 0-127 modulo ten where each of the numbers 0-7 get 'one extra chance' to be picked than the others.

    However looking at their code, I can only assume they'd generate a random number between 1 and 10 by calling the random routine and repeatedly looping until they got one that fell in range.....

    ... that could take a little while.


    Not as long as you might think. The distribution of getRandomNumberOfDigits is heavily biased towards smaller numbers, so you're actually more likely to get a number from 1 to 10 than from 11 to 100, which is more likely than a number form 101 to 1000, and so on. So you see, it's really an optimization to make sure their looping algorithm runs faster. After all, who knows how long it'd run if they just did "while (x > 10) x = Math.Random()*10000000000;"?
  • Anonymous 2008-03-12 01:34
    AC:
    DaveK:
    However looking at their code, I can only assume they'd generate a random number between 1 and 10 by calling the random routine and repeatedly looping until they got one that fell in range.....

    ... that could take a little while.


    Not as long as you might think. The distribution of getRandomNumberOfDigits is heavily biased towards smaller numbers, so you're actually more likely to get a number from 1 to 10 than from 11 to 100, which is more likely than a number form 101 to 1000, and so on. So you see, it's really an optimization to make sure their looping algorithm runs faster. After all, who knows how long it'd run if they just did "while (x > 10) x = Math.Random()*10000000000;"?


    Who knows? Of course, man (not just God) knows.

    Let Y be the no. of time that Math.Random() gets executed in a call of this code fragment.
    Assume the precondition x>10 upon entry.
    Assume further that Math.Random()*10000000000 returns an integer between 0 and 999999999 (inclusively) with even distribution.

    Then, Y is a geometrically distributed random variable, with P(Y=1) = 1e-9, P(Y=2) = (1 - 1e-9) * 1e-9, ...
    In general,

    P(Y=y) = 1e-9 * (1 - 1e-9)^(y-1)

    The mean of Y is E(Y) = 1/1e-9 = 1e9 = 1000000000. i.e. the body of the loop runs 1000000000 times on average, under the assumptions stated above.
  • Anon 2008-03-12 02:03
    I love the comment next to the standard Java constructor. Yeah, dude, your constructor is TOTALLY there for parallelization and you're not just throwing that in to look badass. Suuure.
  • Randy 2008-03-12 06:40
    Especially when you call it at random!
  • Jeff 2008-03-12 11:00
    I think it's for their next step.... the Random namespace, which includes the Random class, so they can add it all to their Random app.
  • snarky 2008-03-12 11:58
    I take it the coder hasn't heard about random.org.
  • Phil 2008-03-12 19:53
    why not use a secure random number generator if it matters that much?
  • WildTurkey101 2008-03-13 01:49
    Randomness haiku:

    what will be will be

    randomness is illusion

    perception's limit
  • oh 2008-03-14 09:39
    at least your offshore guys write better code than mine. I would be proud if mine could write that.
  • Jim In Ottawa 2008-03-14 12:00
    The best part is that it runs in parallel. So parallel streams will have potentially similar seeds in the random number generator meaning high correlation between the parallel random number generators.
  • Suxx0r 2008-03-15 06:24
    It does not return logarithmically distributed function! Didn't you see the graphs tchize brought: http://img142.imageshack.us/my.php?image=density1ia8.png

    ???

    The probability density function is fractal-shaped, because numbers that have less digits are more probable to appear: like 0,1 0,2 .. on the graph.

    Even if you only square a continuous random variable with even probability density function, you will not get logarithmic distribution, but 1/x shaped distribution..
  • real_aardvark 2008-03-15 14:14
    snarky:
    I take it the coder hasn't heard about random.org.

    I tried typing that in to my browser, but the letters got all muddled up.

    Can I borrow an infinite number of monkeys, please?
  • random reader 2008-03-15 18:30
    why don't you fill an array of numbers generated by a prng,
    pick an index within this array by an prng,
    use this the number at this index as seed for your prng,
    and still be as random as your prng is ?

  • Random Observer 2008-03-16 11:54
    This must be a spoof.
    What offshore code has a comment? Much less one that well written?
  • Gordon 2008-03-17 16:40
    Suxx0r:
    It does not return logarithmically distributed function! Didn't you see the graphs tchize brought: http://img142.imageshack.us/my.php?image=density1ia8.png

    The probability density function is fractal-shaped, because numbers that have less digits are more probable to appear: like 0,1 0,2 .. on the graph.

    Even if you only square a continuous random variable with even probability density function, you will not get logarithmic distribution, but 1/x shaped distribution..


    Actually, it is sorta kinda logarithmic. I used this algorithm as way to learn how to use some data analysis software -- I generated about 100000 samples and plotted a histogram of the results. When you look at the results on a log-log scale, it looks remarkably linear.

    However, looking more deeply, a pattern emerges that should have been obvious from looking at the code. The numbers are uniformly random with each decade (i.e. uniform between 1 and 10, and between 10 and 100, and between 100 and 1000, etc.). However, the probability density within any given decade is 10 times higher than the next decade, i.e. the density of numbers between 1 and 10 is ten times greater than the density between 10 and 100, which is in turn ten times greater than between 100 and 1000, etc. As I said, this should have been obvious from the start, but I didn't realize it until I started playing with the analysis software and looking at details of the distribution.

    Note: The distribution is not comparable to squaring a continuous random variable: random*random is not the same as (random)**2. Nor is the distribution fractal-shaped -- again, it's stepwise linear with the steps being logarithmically distributed along both axes.
  • juyjjh 2008-03-20 03:37
    The best rated mp3 players are a quick and easy way to reduce the all range of players to just a few you're most likely to prefer.
    cheap mp3 player By learning from the feedback of other people, you can more easily find the pros and cons of those mp3 devices.
    buy mp3 player After all, the best rated mp3 players have been approved by thousand of people out there, The task of choosing a single mp3 player from the thousands of different brand/models out there might seem daunting at first.
    mp3 player Even after removing all those that don't suit you, you'll still be looking at a dozen or more, By searching the best rated mp3 players, you'll easily find those that have already been tested by many mp3 users out there.
    MP3 PLAYER kaufen It will certainly give you a more accurate ideas you'd only be aware after you buy one,
    While sometimes the best for everyone is not the best for you.
    mp3 player other times it will prove to be a precious ally when you're trying to choose between a couple of mp3 players.
    mp3 By taking a careful look at the best rated mp3 players, it's like having thousand of friends letting you know their opinion.
  • Oded 2008-03-22 19:37
    This is actually not as bad as it seems - inefficient as all hell, but assuming your seed your RNG properly (it isn't in the listing, but it can be done outside this code easily), then you get this:
    - getRandomNumberOfDigits() is pretty stupid as no matter how many times you are calling Math.random() you'll only get 6.6 bits of entropy, but it doesn't matter much:
    - its hard to analyze the output of getRandomDigitString() as the amount of entropy you get out of it varies from call to call, but assuming that on average you'll get 50 digits then the result of random() would have on average 2*(50*3.3) = 330 bits of entropy, which isn't half bad considering Math.random() generates a predictable 53 bits of entropy per call.

    The problem is of course (again, aside from the inefficiencies) that you are going to get a random amount of entropy from each call (a random amount of randomness if you will) which can be very little - as low as a few bits, especially with the first few calls if you haven't seeded your RNG - which is not what you want when you want to be secure in your randomness
  • Peter 2008-08-12 00:34
    Nah, they'd just pick up the 3 and 7 and smack them together a bunch.
  • Manuel 2008-08-17 15:57
    hmm...let me guess, that was a Debian Maintainer?