My two dice must be loaded! I get seven way more often than any other number :o

Trevor2008-03-10 10:07

So in order to increase the randomness of a number, we independently randomize each digit of a 1-100 digit, decimal, 1-100 digit number?

I'd hate to see them come up with a number between 1 and 10 with this strategy. Especially since every number they obtain is going to be anywhere from 0 to 10^100.

akatherder2008-03-10 10:13

Random() returns increasingly randomer numbers the more you call it.

Bob2008-03-10 10:15

omfg

mack2008-03-10 10:15

awful.....just plain awful...

Erick2008-03-10 10:17

If I multiply a random by a random and then build a random string with it, then that must make it more random! What a revelation!

Gabriel Kiss2008-03-10 10:20

Erick:

If I multiply a random by a random and then build a random string with it, then that must make it more random! What a revelation!

yes it more random because you get a RANDOM^2 number!!!11one-eleven... and so on :)

DaveK2008-03-10 10:29

Trevor:

So in order to increase the randomness of a number, we independently randomize each digit of a 1-100 digit, decimal, 1-100 digit number?

I'd hate to see them come up with a number between 1 and 10 with this strategy. Especially since every number they obtain is going to be anywhere from 0 to 10^100.

Well, since the range is so huge, I would have thought that just taking the result modulo ten should give a sufficiently even distribution; it's not like taking a 7-bit random from 0-127 modulo ten where each of the numbers 0-7 get 'one extra chance' to be picked than the others.

However looking at their code, I can only assume they'd generate a random number between 1 and 10 by calling the random routine and repeatedly looping until they got one that fell in range.....

... that could take a little while.

Some Computer Scientist2008-03-10 10:29

Knuth devoted an entire section talking about random methods for generating random numbers. It boiled down to this: DON'T

Random numbers are serious business. In cryptography, a secure random number generator can mean the difference between impossible to crack and trivial to break.

This code is just an EPIC FAIL in every way.

KattMan2008-03-10 10:31

I know I can get even more randomer.

Let rand return a number between 2 and 9.
Multiply by 9.
Add the digits of the result together.
Subtract 5.

This should be as random as I need to get and as everyone knows, a formula is better than just calling rand().

Brian S2008-03-10 10:31

The obvious solution would have been to set the random seed to a random value a random number of times before using Math.random to make it more randomer

TraumaPony2008-03-10 10:33

akatherder:

Random() returns increasingly randomer numbers the more you call it.

Actually, depending on the algorithm, the more times you call it, the more predictable it becomes.

Anon2008-03-10 10:48

To quote Knuth:

"Random numbers should not be generated with a method chosen at random."

shadowman2008-03-10 10:54

Trevor:

I'd hate to see them come up with a number between 1 and 10 with this strategy. Especially since every number they obtain is going to be anywhere from 0 to 10^100.

Well I suppose they could do answer % 10 + 1, but I'm sure they have a much more convoluted function that does the same thing.

gblues2008-03-10 10:58

Irish I were drunk too. Rowr.

A Nonny Mouse2008-03-10 10:59

Brian S:

The obvious solution would have been to set the random seed to a random value a random number of times before using Math.random to make it more randomer

the more i read this sentence, the less "random" looks like a proper word..

Wonder what they're doing that needs super-extra-ultra random numbers?

MAV2008-03-10 11:10

just remember. random * random = ultra-random

RobIII2008-03-10 11:11

TraumaPony:

akatherder:

Random() returns increasingly randomer numbers the more you call it.

Actually, depending on the algorithm, the more times you call it, the more predictable it becomes.

You have *GOT* to be kidding me! Where's your sarcasm detector?

DUDE...

John the incredible2008-03-10 11:11

Prime numbers are too predictable... Let's make sure we get less of those.

Geezer coder2008-03-10 11:12

"Wonder what they're doing that needs super-extra-ultra random numbers? "

They are getting paid by the line of code developed.

Patrick2008-03-10 11:13

with apologies to xkcd.

N2008-03-10 11:15

I get that impression with a lot of the WTFs presented here.

Recycled contractor2008-03-10 11:15

Why not just return '1' every time?

After all, it's theoretically possible that your perfectly-random die rolls repeated 1's. And your callers wouldn't know any different, unless they kept a history (which most don't)

;-)

Xandax2008-03-10 11:23

Still use Dilberts Random Number Generator:

Nine, Nine, Nine, Nine, Nine, Nine, Nine, Nine.

bramster2008-03-10 11:50

I like to sort my random numbers.

Nerf Herder2008-03-10 11:53

KattMan:

I know I can get even more randomer.

Let rand return a number between 2 and 9.
Multiply by 9.
Add the digits of the result together.
Subtract 5.

This should be as random as I need to get and as everyone knows, a formula is better than just calling rand().

OMGZ that totally equals my birthday! It really DOES work!

Now forward this to 20 friends or u'll have bad luck. LOLZ.

APH2008-03-10 11:54

gblues:

Irish I were drunk too. Rowr.

Irish she were drunk too. Rowr.

There, fixed that for ya.

my name is missing2008-03-10 11:59

perhaps it was written by a random code generator

grg2008-03-10 11:59

actachally, taking n sequential samples from a random number generator, you may end up with a less-random number.

Raedwald2008-03-10 12:07

A little bit of knowledge is a dangerous thing.

Brandon2008-03-10 12:12

they should call those guys HD Random Numbers...for "High Degree" of Randomness. The degree increases as you multiply by more random numbers!

Grammar Nazi2008-03-10 12:16

Apostrophe's and they're use's.

Richard2008-03-10 12:26

int getRandomNumber()
{
int ret;
printf("Please throw the dice that you will find under your chair and enter the result");
scanf("%d",&ret);
return ret;
}

yer mom2008-03-10 12:34

/**
* We all know that random number generators aren't truly random.
* This function generates random numbers a bit more randomly by using a hardware source.
*/
int random() {
FILE* fp;
char count;
float final = 0;
char i;

fp = fopen("/dev/null", "r"); /* open hardware source */
count = fgetc(fp); /* more randomly */
for (i = 0; i < count; i++) {
final *= ((float)fgetc(fp)) / 255.0;
};
};

kw2008-03-10 12:38

So, there is a 1 in 100 chance that the value left of the '.' is 0, and there is a 1 in 100 chance that the value left of the '.' will range between 1*10^100 to 9.999...*10^10 ?

Does true randomness typically lean towards smaller values?

Random8322008-03-10 12:43

int getRandomNumber() {
return 4; // chosen by fair dice roll, guaranteed to be random.
}

me2008-03-10 12:45

I particularly like it how standard generators are not good enough for this "programmer" (despite using them...), but it's OK to have getRandomDigit() heavily biased against returning '9' :-)

RobertB2008-03-10 12:56

The most random thing about the code is that it's nicely obfuscated. But I think this is what's going on -- forgive me for being obvious, but I really want to know what it does so I never, EVER do it myself.

* getRandomDigit does a pretty reliable job of returning one of the ten strings '0' through '9'... I think.

* getRandomNumberOfDigits generates a number between 0 and 100, then multiplies it by a number between 0 and 1, generating a significantly less random number between 0 and 100. It converts it to an integer, so the number will probably be between 0 and 99. Converting to integer already does a pretty good job of de-randomizing the number, so the multiplication really just wastes clock cycles.

* getRandomDigitString calls getRandomNumberOfDigits to see how many numbers should be in the string. However, getRandomNumberOfDigits could return zero. So it discards 1% of its randomness and equates "zero digits" to "one digit", with that digit being "0". Maybe it only eliminated 0.1% of the randomness.

* Finally, take a nearly-random string of 1-99 numbers (with a greater than 1% chance that the string is "0"), add a decimal, add another nearly-random string of 1-99 numbers (again, good odds that the string is "0"), and cram it into a Double.

This is about as good a WTF as you can get. The function works without error, doing exactly what it was programmed to do, but the world would be a better place if it would just throw a "YOU CAN'T BE SERIOUS" error and die.

KT2008-03-10 13:09

Richard:

int getRandomNumber()
{
int ret;
printf("Please throw the dice that you will find under your chair and enter the result");
scanf("%d",&ret);
return ret;
}

fprintf(stderr, "DICE_NOT_FOUND");

IV2008-03-10 13:10

I think a name change for the site is in order. I suggest the Daily What In Tarnation (WIT). Maybe if "wit" were explicitly in the title people would be more inclined to recognize it.

Captcha: caecus

Maybe Anon2008-03-10 13:11

It's also final so that people can't subclass it and change his logic...

This is a ordered version of 20 runs, note how it goes from very very small, to very very big, very very quickly. Very very.

The numbers look about the same with thousands of runs, very small then very big. I saw a few plain "0"s too.

There ya go, very small and very big. How random do you want?

It's interesting to note though, that not only do the numbers themselves vary, but so does their randomness.

sweavo2008-03-10 13:45

I asked my brian to plot a distribution curve of this, and it asplode.

Assuming math.random is evenly distributed between 0.0 <= x < 1.0

then number of digits is going to peak around 25 in't it?

so then your distribution of actual values is some freaky integral of an exponential.

snoofle2008-03-10 13:45

RobertB:

The most random thing about the code is that it's nicely obfuscated. But I think this is what's going on -- forgive me for being obvious, but I really want to know what it does so I never, EVER do it myself.

* getRandomDigit does a pretty reliable job of returning one of the ten strings '0' through '9'... I think.

* getRandomNumberOfDigits generates a number between 0 and 100, then multiplies it by a number between 0 and 1, generating a significantly less random number between 0 and 100. It converts it to an integer, so the number will probably be between 0 and 99. Converting to integer already does a pretty good job of de-randomizing the number, so the multiplication really just wastes clock cycles.

* getRandomDigitString calls getRandomNumberOfDigits to see how many numbers should be in the string. However, getRandomNumberOfDigits could return zero. So it discards 1% of its randomness and equates "zero digits" to "one digit", with that digit being "0". Maybe it only eliminated 0.1% of the randomness.

* Finally, take a nearly-random string of 1-99 numbers (with a greater than 1% chance that the string is "0"), add a decimal, add another nearly-random string of 1-99 numbers (again, good odds that the string is "0"), and cram it into a Double.

This is about as good a WTF as you can get. The function works without error, doing exactly what it was programmed to do, but the world would be a better place if it would just throw a "YOU CAN'T BE SERIOUS" error and die.

Hi there - OP here. I can't believe nobody mentioned that no routine that depends upon a random number generator can ever really be any more random than the underlying generator being used. In other words, assuming that the routine is implemented perfectly (as many have pointed out, it's not), it can never be any more random than: Math.random()

Derek2008-03-10 13:46

KattMan:

I know I can get even more randomer.

Let rand return a number between 2 and 9.
Multiply by 9.
Add the digits of the result together.
Subtract 5.

This should be as random as I need to get and as everyone knows, a formula is better than just calling rand().

that always equals 4. Why not just use xkcd's version, it's less wordy, but has the same result.

tchize2008-03-10 13:49

Richard:

int getRandomNumber()
{
int ret;
printf("Please throw the dice that you will find under your chair and enter the result");
scanf("%d",&ret);
return ret;
}

Hey, I DID that. Didn't know random number existed, was using pascal, was years ago, one of my very first programs. You feel ashame when you discover there exist a random() function :/

At least it wasn't professional :D

Nerf Herder2008-03-10 13:49

Derek:

KattMan:

I know I can get even more randomer.

Let rand return a number between 2 and 9.
Multiply by 9.
Add the digits of the result together.
Subtract 5.

This should be as random as I need to get and as everyone knows, a formula is better than just calling rand().

that always equals 4. Why not just use xkcd's version, it's less wordy, but has the same result.

I think it was sarcastic.

Felix2008-03-10 13:50

This is what I would do:

int counter = -1;
public int getRandomInt() {
counter++;
switch (counter) {
case 0:
return 4;
case 1:
return 2;
case 2:
return 5;
case 3:
return 4;
//and so on
default:
//this can't happen anyway....
throw new SomeException();
}
}

You just need to do a proper sizing on project start and some cheap labor to roll dice. You could even sell updates to your software supplying new randomness!

Matthew2008-03-10 14:02

int getRandomNumber()
{
return "moo";
}

Jeremy2008-03-10 14:03

So some tests on this code. (converted to php)
Average length from getRandomNumberOfDigits: 37
Execution time for 1000 iterations: .3 seconds

And just using rand(0, rand(0, 100))
Average length: 50
Execution time for 1000 iterations: .009 seconds

On top of that I seriously doubt they actually use a 10^rand(0, 100) number, but rather trim it...

Epic Fail!

Ted from Accounting2008-03-10 14:07

KattMan2008-03-10 14:12

Derek:

KattMan:

I know I can get even more randomer.

Let rand return a number between 2 and 9.
Multiply by 9.
Add the digits of the result together.
Subtract 5.

This should be as random as I need to get and as everyone knows, a formula is better than just calling rand().

that always equals 4. Why not just use xkcd's version, it's less wordy, but has the same result.

Because xkcd's isn't a formula, mine has to be better!

max2008-03-10 14:14

yer mom:

My two dice must be loaded! I get seven way more often than any other number :o

This is actually way more insightful than most people might know. The Math.random() method already generates the maximum amount of entropy in its output that it can (entropy you can think of as being a measure of randomness). By distilling a sequence of random numbers into digits, you are reducing the possible outputs from billions and billions to ten. You're reducing the ideal entropy of the function (just looking purely at the output size), so necessarily the actual entropy cannot be any greater than that (think of it sorta like the laws of thermodynamics but with bits).

So... in short... I REALLY hope that the comment at the top about making Math.random() more random isn't what they actually thought, because the output of this function is way less random than Math.random().

Truly, the real wtf is that they already knew about Math.random() and didn't use it. If you're doing something crypto-wise you should just use one of the well-established crypto methods like blum-blum-shubb.

Sorry about the super verbose comment. As a crypto programmer, I just thought I'd weigh in.

Cheers!
- max

DropDeadThread2008-03-10 14:14

Irish I were drunk too. Rowr.

random_comment()

Tony2008-03-10 14:15

Obviously the numbers will be even more random if you randomize the digit array first. For example:

Reminds me of this XKCD snippet:
http://xkcd.com/221/

JDM2008-03-10 14:34

MAV:

Wonder what they're doing that needs super-extra-ultra random numbers?

Generating unique IDs, obviously :D

aHa2008-03-10 14:37

lolz... going by the comments, the readers of this site dont always understand the WTFs

zip2008-03-10 14:40

Mike:

Reminds me of this XKCD snippet:
http://xkcd.com/221/

Wow, I can't believe no one posted that before you.

Oh wait like 3 people did.

tchize2008-03-10 14:48

Playing with the density of values when it comes to 500000 run of that super function gives nice results.
Here is the density curve:

Now a slight zoom around zero, see the nice curious peaks? Well at least the got a somehow fractal function. smaller peaks are around big peaks, with smaller peaks around them, etc. A shame it stops after 100 iterations :D. Wait, it's exactly the maximum number of digits :p!

That sure is so much better than what you get out of Math.random(), isn't it? That variations in the density is probably so bad (probably due to my naive way of calculating it, which is perfectly correct for non random generator using 100 digits in string :p!

The calculation code, for the fun :D (Yes, i know it's a wtf, the randomizer deserves it!)

int MAX = 500000;
double[] datas = new double[MAX];
Randomizer rnd = new Randomizer();
for (int i=0; i < MAX; i++){
datas[i]=rnd.random();
}
java.util.Arrays.sort(datas);
for (int i=0; i< MAX;){
int j = i;
while (j<MAX && (datas[j]==datas[i] || (j-i)<50)) //arbitrary defined precision, minium elements to calculate a density
j++;
if (j>=MAX || (datas[j]==datas[i]))
break;
int count = j-i+1;
double mean = 0.0;
for (j=i;j<i+count;j++)
mean+=datas[j];
mean/=count;
double density = count/(datas[i+count-1]-datas[i])/MAX;
System.out.println(i+"\t"+mean+"\t"+density);
i+=count;
}

CTS2008-03-10 14:50

On many systems this isn't true. Salting the RNG is a better idea, and most systems do have that function.

Foo2008-03-10 15:15

Maybe digits change somehow on different machines, locations, times (like air pressure in different locations) or other unknown dimensions. So it might make sense to keep the set of numbers as characters. Thanks, that one made my day! ;)

Yuyo2008-03-10 15:20

Maybe a disclaimer, "This is also extremely slow and idiotic," would make it a little better for those who use the class and just have the javadoc available.

ParkinT2008-03-10 15:30

It would have been easier to simply return the number of "The real WTF.." comments on TheDailyWTF for the day.

Erik2008-03-10 15:34

Those plots generated by this wonderful function remind me a bit of an old CD Walkman I had. It was an MP3 model, one of the first, and it cost me quite a bit at the time. I would have approximately 120 songs to a CD, and they were typically albums, so 10 folders of about 12 songs each. When this was the case, the shuffle feature seemed to work just fine, but I discovered something sort of weird about it later. I had a CD with about 100 tracks, but one folder only had about 5 and the other the remaining 95.

Those 5 tracks played WAY more often than they ought to, and I realized that the damn thing was randomly selecting a folder THEN randomly selecting a track. Those 5 songs then had a 50% chance of being played vs. the other 95! I'd have a 10% chance of hearing one of the first folder's songs, and a just-over 0.5% chance of hearing the other 95!

All I can say is... good job Sony!

Kivi2008-03-10 15:57

tchize:

Playing with the density of values when it comes to 500000 run of that super function gives nice results.
(density curves and calculation code omitted)

tchize, this is fabulous.

tchize2008-03-10 16:04

Kivi:

tchize:

Playing with the density of values when it comes to 500000 run of that super function gives nice results.
(density curves and calculation code omitted)

tchize, this is fabulous.

Ironically, I hope :D

real_aardvark2008-03-10 16:17

On first reading this, I thought "salt!" (Amongst several other four-letter words.)

There is a certain beauty in it, however, and for once on TDWTF it has very little to do with the code. Read the comments:

/**
* We all know that random number generators aren't truly random.
* This class generates random numbers a bit more randomly.
*/
C-style comment, proposing a lemma that is (in practice) indefensible; followed by an indefensible conclusion.

// Allow this to be instantiated in parallel in multiple threads
C++-style comment, ignoring the obvious distinction between "instantiated" and "used." Putting my cone-head hat on, I might want to question why there's no "serialize" here.

Putting my OMFGWTF hat on, I'm no longer sure that I care.

Jake Cohen2008-03-10 17:17

The problem with most RNGs is that they are based on a mathematical formula.

In a truly random number generator, the probability of any number being returned is exactly the same as the probability of any other number being returned, every time it is invoked.

For a pseudo-RNG based on mathematical transformation of the previous value, the probability is skewed because they simply won't return the same value twice in a row. This means that given prng(N) = k, the probability that prng(N+1) = k is zero, which is against the definition of being truly random.

Using atmospheric noise (hardware-based) is probably as close as you can get to truly random, but even that doesn't necessarily create a perfectly even distribution of probability across all its possible values. It just makes it non-deterministic in terms of the state of the software using it.

Steve2008-03-10 17:24

For the first time in a long time, I uttered an audible "WTF" when reading that code.

Of course, that's the whole idea here, isn't it?

Babs2008-03-10 17:44

Oh, I dunno, wasting time and billing hours to the clods who outsourced the work to them in the first place?

vvv2008-03-10 17:46

a brilliant logic really - to guess the number one would need
to guess a number of times to guess a number. Too bad that
logic can't replace common sense and good education, ie. one that at least includes math.

Robin Goodfellow2008-03-10 17:59

The WTF here is that this code is actually way less random than even a poor random number generator. Consider that in any given range of numbers up to X digits long there are far more numbers of higher digits than there are of lower digits. For example, there are only 10 1-digit numbers, but there are 90 2-digit numbers. This algorithm, however, gives equal probability to producing numbers of any given length up to the maximum number of digits. Meaning there is an equal chance of producing a 1-digit number as there is of producing a 10-digit number. Which is not ideal. If this algorithm were actually used in a high security environment it would represent a severe vulnerability.

letatio2008-03-10 18:23

Noooo!!!! Somone leaked my RSA hash random function!!!! ahhhhhhhhhhhhhhhhhhhhhhhhhhh

Phantom Watson2008-03-10 18:24

"in it's entirety"? Tsk, tsk.

tin2008-03-10 18:43

Erik:

<snip stuff about lack of randomness on Sony CD player> All I can say is... good job Sony!

Well, at least that explains the root-kit thing.... Sort of.

tin2008-03-10 18:44

MAV:

Wonder what they're doing that needs super-extra-ultra random numbers?

Super extra ultra random security algorithms of course.

AdT2008-03-10 18:50

This code is not so bad. It could be improved, of course. For one, the number of decimal points should be randomized as well. One is so very predictable.

Second, it should throw random exceptions with randomized lorem ipsum error messages to throw off malicious callers.

Third, the number system should be randomized, using a random alphabet and a random parse function instead of Double.parseDouble. This parse function should pretend to parse the input, but may randomly return something else entirely, like the above mentioned 999999. The caller can never be sure what's actually returned. You cannot be too paranoid after all.

And now for something completely different...

Melchett: Now, Field Marshal Haig has formulated a brilliant tactical plan to ensure final victory in the field

Blackadder: Would this brilliant plan involve us climbing over the top of our trenches and walking, very slowly towards the enemy?

Darling: How did you know that Blackadder? It's classified information

Blackadder: It's the same plan we used last time, and the seventeen times before that

Melchett: E-e-exactly! And that is what is so brilliant about it. It will catch the watchful Hun totally off guard. Doing exactly what we've done eighteen times before will be the last thing they expect us to do this time.

China2008-03-10 19:03

Saw this in a C++ cookbook once:
1) generate lots of random numbers (e.g. 1000)
2) put those random numbers into an array
3) when you need a random number
3.1) generate a random number in the range 0-array.size
3.2) use the number in the array as your random number, scaling as necessary
3.3) generate a new random number for that place in the array

Use the same singleton random number generator for all steps - takes advantage of 'random number generators get more random over time'.

Discuss.

Not very random at all2008-03-10 19:11

Jukebox in a pub played the least-played tracks when nobody put any money in - sort of a punishment for not enriching the jukebox company. Those were the 3 most played songs on the machine.

Some guy2008-03-10 19:15

A secondary WTF is inefficient object/memory usage. Why isn't he passing the StringBuilder object to the private methods?!

dusoft2008-03-10 19:49

that's randomly secret.

wtfpimp2008-03-10 21:21

Haha... the best part is where they go (rand * 100) * rand thereby totally ruining an equal distribution. Fools!

James2008-03-10 22:27

Way back, many years ago, a friend of mine in college was stumped on a multiple choice test. So, he pulled out his dice bag, snagged a d4, and randomly answered some questions.

Cris2008-03-11 00:37

Have they heard of /dev/urandom?

Richard Neill2008-03-11 01:09

Well, it does do at least 2 slightly "useful" things:

(1)It doesn't actually do any real harm by discarding entropy.

(2)It changes the distribution from which the random numbers are drawn, from linear to (truncated) logarithmic.

iMalc2008-03-11 01:39

Truly astounding!

Quadratic distribution of the number of digits??? Where do people come up with this stuff...

iMalc2008-03-11 01:48

Richard Neill:

Well, it does do at least 2 slightly "useful" things:

(1)It doesn't actually do any real harm by discarding entropy.

(2)It changes the distribution from which the random numbers are drawn, from linear to (truncated) logarithmic.

Wrong. It does harm by shortening the length of the period until repetition of the pseudo random number sequence.

Bozo2008-03-11 02:07

Shes friggin hot eh

(don't tell my gf i just said that)

:]

Bozo2008-03-11 02:07

Bozo:

Shes friggin hot eh

(don't tell my gf i just said that)

:]

the irish i were drunk chick i mean ;]

Raw2008-03-11 03:24

Hi there - OP here. I can't believe nobody mentioned that no routine that depends upon a random number generator can ever really be any more random than the underlying generator being used. In other words, assuming that the routine is implemented perfectly (as many have pointed out, it's not), it can never be any more random than: Math.random()

Actually, it can, and this algorithm actually does it, in a extremely backwards way.

What am I talking about?

Well, most random number generators I've seen in various languages have a limited resolution. Just because they generate a random number with a bunch of decimals does not mean that they are able to generate every number in that interval. Sure, if you are just goint to scale it up to 1-100, it's no problem, but once you try to scale it up to, say 1-1000 000, you'll notice that, no matter how long you run them, some results will never, ever show up. In some cases, it's even noticable in a scale of 1-10 000 or less.

OK, I admit, I've not tried it to the point of "never ever", but close enough. In most cases, you can even see patterns where these "holes" are going to appear. For instance, in some archaic version of C, getting random X and Y coordinates and plotting them on a white screen as black pixels generated a black screen with thin white stripes going diagonally down the screen.

If you need such a resolution, another algorithm is needed. One variant is the one used here, to piece it together from random digits, as that only relies on having a resolution capable of handling ten cases.

Another, variant, which is faster and simpler, but not guaranteed to be perfect, is to add a bunch of random numbers and wrap if they overflow. This can be made less likely to have holes by adding gradually smaller numbers, thus using the sufficient resolution of a smaller span to plug the holes. This algorith still can't guarantee an even distribution of all results, but at least all results are likely to appear in the resulting data set if run long enough.

In other words, the thought behind the code in this WTF is sound, but the implementation of it is effed up.

Tiran Kenja2008-03-11 03:57

Hmm.

I suppose java.security.SecureRandom wasn't random enough either.

Maybe it's time to build an external USB random generator. I'm thinking something that actually throws a dice and reads the output ;) Anyone who REALLY wants random numbers would have to get one.

N Morrison2008-03-11 04:00

The greatest WTF in this is that the code author doesn't know that attempts to create more random numbers almost always result in numbers that are less random - unless you are Knuth. Similarly, attempts by the untrained to write sort routines usually result in a bad bubble sort.

Jos2008-03-11 05:26

I know how to make this *really* random! Let a 2 year old (or similar, like a monkey wih darts) shuffle the array with digits! Now THAT would really achieve randomness...

DOA2008-03-11 06:07

I'm tired of these novice approaches to random number generation. Here's how you do it:

1) get a (pseudo)random number.
2) Multiply by the number of degrees of the angle that Venus , Hermes and Earth form at that moment. Needless to say we're talking about the angle at the Earth node of the triangle.
3) Subtract the the number of geese presently in flight in your country's air space.
4) Add the number of milliliters of gas present in Bill Gates' lower intestine.
5) Divide by the distance from your PC (front left-hand corner of case) to Neil Armstrong's footprint on the moon (toes). Distance to be measured in number of Hindenberg zeppelin lengths (pre-crash).
6) Add the chances of you marrying a supermodel.
7) Multiply by the number of Google hits for the word "Nazi".
8) Random number!!

Amateurs...

Anonymous2008-03-11 06:31

bramster:

I like to sort my random numbers.

And don't forget to use the "random sort" algorithm:

void sort(List numbers) {
do shuffle(numbers);
while (!sorted(numbers));
}

void shuffle(List numbers) {
// typical algorithm to shuffle the list of numbers,
// calling rand() to make it result random
}

boolean sorted(List numbers) {
// check if the list of numbers is in sorted order;
// if so, return true; else return false
}

:D

Anonymous2008-03-11 06:37

yer mom:

/**
* We all know that random number generators aren't truly random.
* This function generates random numbers a bit more randomly by using a hardware source.
*/
int random() {
FILE* fp;
char count;
float final = 0;

Well... leaving out the =0 part would make the result more arbitrary (but not more random)...

yer mom:

char i;

fp = fopen("/dev/null", "r"); /* open hardware source */
count = fgetc(fp); /* more randomly */
for (i = 0; i < count; i++) {
final *= ((float)fgetc(fp)) / 255.0;
};
};

Um... with a compiler that doen't warn you against missing return statements, you'll get quite arbitrary (but not random) return values from this function.

Anonymous2008-03-11 06:39

kw:

So, there is a 1 in 100 chance that the value left of the '.' is 0, and there is a 1 in 100 chance that the value left of the '.' will range between 1*10^100 to 9.999...*10^10 ?

Does true randomness typically lean towards smaller values?

But random =/=> uniform distribution!

What do you mean "true randomness"? Guassian noise (as you would get with any physical measurement) is not "true randomness"?

Cope with IT2008-03-11 06:41

Erik:

All I can say is... good job Sony!

It's a trick, it's not a Sony...

Anonymous2008-03-11 06:51

snoofle:

Hi there - OP here. I can't believe nobody mentioned that

Because what you say below is wrong:

snoofle:

no routine
that depends upon a random number generator can ever really be any
more random than the underlying generator being used. In other words,
assuming that the routine is implemented perfectly (as many have
pointed out, it's not), it can never be any more random than:
Math.random()

What do you mean by "more random"? Is Gaussian distribution or Poisson distribution "less random" than uniform distribution? Why? By what measures?

N.B. For simulations, I've written code (well... adopting/copying from pseudocode of pretty standard and known to be correct and fast algorithms) that generates random numbers with Gaussian distribution and Poisson distribution (as well as others). This is a very typical use of non-uniformly distributed random numbers. These algorithms use a uniformly distributed random number generator as a source. So, the quality of the generated numbers is delegated to quality of the source generator, and pretty good ones can be found. (On Linux, this can be based on /dev/random -- a true source of randomness.) Are you saying that an exponentially distributed random number generated algorithmically from a uniformly distributed random number source (of high quality) is "not very random"?

Thief^2008-03-11 06:52

Raw:

Hi there - OP here. I can't believe nobody mentioned that no routine that depends upon a random number generator can ever really be any more random than the underlying generator being used. In other words, assuming that the routine is implemented perfectly (as many have pointed out, it's not), it can never be any more random than: Math.random()

Actually, it can, and this algorithm actually does it, in a extremely backwards way.

No, it won't be more random, because the source generator generates a specific sequence of numbers, and using successive calls to build one number guarantees that parts of the number are based on other parts.

Not to mention that calling random so many times in a row for every random number you produce massively shortens the time until repetition.

Putting these together means that even if implemented optimally, doing this is just a tradeoff between length of random number and the "randomness" of the number.

If you want random numbers from -inf to +inf, better to just use a random generator that outputs 64 bits of random and reinterpret it as a double (handling NaNs etc as necessary).

NeoMojo2008-03-11 06:55

You want blazing inefficiency? Try this if you want random numbers on a website(it just popped into my head):

Create a table in a database with only one column and make it an integer. Set the value of the first row to 0.

For each person who enters you website and needs a random number take the value of that row and assign it to them and then increase the value by 1. Once it reaches the maximum value reset it to 0.

Obviously if you want to get a number in the range 0->X then divide the value in the row by the maximum value and multiply by X.

Ultra Random!

mrbungle2008-03-11 07:15

I remember with pretty good privacy, to generate a private key, you were given the option of mashing the keyboard to create a random number. If I recall correctly, it used the milliseconds(modulo some number < human reaction time) to seed a random number generator.

I can recall that a few cracks came out for rsa, because it was possible to reduce the search number space by a few orders of magnitude by exploiting limitations in random number generators of the machine that made the private key.
This is why pgp implemented this random number generator.
For typical statistical and engineering programming, though, I think the standard random functions would be fine.

TraumaPony2008-03-11 08:29

RobIII:

TraumaPony:

akatherder:

Random() returns increasingly randomer numbers the more you call it.

Actually, depending on the algorithm, the more times you call it, the more predictable it becomes.

You have *GOT* to be kidding me! Where's your sarcasm detector?

DUDE...

It went to sleep four hours before I posted.

Dave2008-03-11 08:35

You pay peanuts, you get monkeys - sometimes literally.

They are cheap, right?

SozzlyJoe2008-03-11 09:33

You want blazing inefficiency? Try this if you want random numbers on a website(it just popped into my head):

Create a table in a database with only one column and make it an integer. Set the value of the first row to 0.

For each person who enters you website and needs a random number take the value of that row and assign it to them and then increase the value by 1

I think that's what we call a "page counter"

Kanzi2008-03-11 09:52

I think they should just use my 4dc5 sequence:

http://dudegalea.co.uk/articles/4dc5.html

which is clearly random by definition, and therefore brillant. :-)

SCB2008-03-11 10:44

Anonymous:

bramster:

I like to sort my random numbers.

And don't forget to use the "random sort" algorithm:

void sort(List numbers) {
do shuffle(numbers);
while (!sorted(numbers));
}

void shuffle(List numbers) {
// typical algorithm to shuffle the list of numbers,
// calling rand() to make it result random
}

boolean sorted(List numbers) {
// check if the list of numbers is in sorted order;
// if so, return true; else return false
}

:D

http://en.wikipedia.org/wiki/Bogosort

Dhericean2008-03-11 11:15

Thief^:

Not to mention that calling random so many times in a row for every random number you produce massively shortens the time until repetition.

Of course if they are worried about repetition then simply implement a RNG that has a larger period. I would recomment the Mersenne Twister MT19937(http://en.wikipedia.org/wiki/Mersenne_twister) with its period of 2^19937 - 1. Then they could generate as many of these dooper-random numbers without repetition (at least in this universal lifetime).

The code for implementation is available in a number of different languages. Not cryptographically secure in its basic form, but ideal for large sample monte carlo simulation type uses.

This comment brought to you by the society to ruin the joke by being serious ;)

Pepe2008-03-11 12:23

And just in case it isn't enough to compound Random(), re-entrancy issues will probably introduce their own unpredictability in this...

NeoMojo2008-03-11 12:33

SozzlyJoe:

You want blazing inefficiency? Try this if you want random numbers on a website(it just popped into my head):

Create a table in a database with only one column and make it an integer. Set the value of the first row to 0.

For each person who enters you website and needs a random number take the value of that row and assign it to them and then increase the value by 1

I think that's what we call a "page counter"

Not after I send my application off to the USPTO!

ap2008-03-11 14:00

In case anyone missed it, the major wtf here is that the distribution represented by this class is NOT the uniform distribution (which most people expect -- be as likely to return "1" as "100001"). In particular, shorter numbers are more likely to occur than longer ones (because the length is chosen from a uniform distribution and then each digit is chosen independently from a uniform distribution).

While the programming isn't stellar, the real problem here is the author's complete and utter misunderstanding of "randomness". Hopefully they're not doing anything dependent on good random numbers!

Max2008-03-11 16:18

Lollollollollllloooll
If they aren't random then why use them?

Guru2008-03-11 18:01

This does not change the randomness but the probability density function. If Math.random() is uniformly distributed, this function returns logarithmic distributed random values (which is probably not intended by the author).

vidar7122008-03-11 21:11

Why don't they just do this?

int Random()
{
Return Random();
}

Anonymous2008-03-11 21:49

vidar712:

Why don't they just do this?

int Random()
{
Return Random();
}

B'cos it doesn't compile! :)

AC2008-03-11 23:52

DaveK:

Well, since the range is so huge, I would have thought that just taking the result modulo ten should give a sufficiently even distribution; it's not like taking a 7-bit random from 0-127 modulo ten where each of the numbers 0-7 get 'one extra chance' to be picked than the others.

However looking at their code, I can only assume they'd generate a random number between 1 and 10 by calling the random routine and repeatedly looping until they got one that fell in range.....

... that could take a little while.

Not as long as you might think. The distribution of getRandomNumberOfDigits is heavily biased towards smaller numbers, so you're actually more likely to get a number from 1 to 10 than from 11 to 100, which is more likely than a number form 101 to 1000, and so on. So you see, it's really an optimization to make sure their looping algorithm runs faster. After all, who knows how long it'd run if they just did "while (x > 10) x = Math.Random()*10000000000;"?

Anonymous2008-03-12 01:34

AC:

DaveK:

However looking at their code, I can only assume they'd generate a random number between 1 and 10 by calling the random routine and repeatedly looping until they got one that fell in range.....

... that could take a little while.

Not as long as you might think. The distribution of getRandomNumberOfDigits is heavily biased towards smaller numbers, so you're actually more likely to get a number from 1 to 10 than from 11 to 100, which is more likely than a number form 101 to 1000, and so on. So you see, it's really an optimization to make sure their looping algorithm runs faster. After all, who knows how long it'd run if they just did "while (x > 10) x = Math.Random()*10000000000;"?

Who knows? Of course, man (not just God) knows.

Let Y be the no. of time that Math.Random() gets executed in a call of this code fragment.
Assume the precondition x>10 upon entry.
Assume further that Math.Random()*10000000000 returns an integer between 0 and 999999999 (inclusively) with even distribution.

Then, Y is a geometrically distributed random variable, with P(Y=1) = 1e-9, P(Y=2) = (1 - 1e-9) * 1e-9, ...
In general,

P(Y=y) = 1e-9 * (1 - 1e-9)^(y-1)

The mean of Y is E(Y) = 1/1e-9 = 1e9 = 1000000000. i.e. the body of the loop runs 1000000000 times on average, under the assumptions stated above.

Anon2008-03-12 02:03

I love the comment next to the standard Java constructor. Yeah, dude, your constructor is TOTALLY there for parallelization and you're not just throwing that in to look badass. Suuure.

Randy2008-03-12 06:40

Especially when you call it at random!

Jeff2008-03-12 11:00

I think it's for their next step.... the Random namespace, which includes the Random class, so they can add it all to their Random app.

snarky2008-03-12 11:58

I take it the coder hasn't heard about random.org.

Phil2008-03-12 19:53

why not use a secure random number generator if it matters that much?

WildTurkey1012008-03-13 01:49

Randomness haiku:

what will be will be

randomness is illusion

perception's limit

oh2008-03-14 09:39

at least your offshore guys write better code than mine. I would be proud if mine could write that.

Jim In Ottawa2008-03-14 12:00

The best part is that it runs in parallel. So parallel streams will have potentially similar seeds in the random number generator meaning high correlation between the parallel random number generators.

Suxx0r2008-03-15 06:24

It does not return logarithmically distributed function! Didn't you see the graphs tchize brought: http://img142.imageshack.us/my.php?image=density1ia8.png

???

The probability density function is fractal-shaped, because numbers that have less digits are more probable to appear: like 0,1 0,2 .. on the graph.

Even if you only square a continuous random variable with even probability density function, you will not get logarithmic distribution, but 1/x shaped distribution..

real_aardvark2008-03-15 14:14

snarky:

I take it the coder hasn't heard about random.org.

I tried typing that in to my browser, but the letters got all muddled up.

Can I borrow an infinite number of monkeys, please?

random reader2008-03-15 18:30

why don't you fill an array of numbers generated by a prng,
pick an index within this array by an prng,
use this the number at this index as seed for your prng,
and still be as random as your prng is ?

Random Observer2008-03-16 11:54

This must be a spoof.
What offshore code has a comment? Much less one that well written?

Gordon2008-03-17 16:40

Suxx0r:

It does not return logarithmically distributed function! Didn't you see the graphs tchize brought: http://img142.imageshack.us/my.php?image=density1ia8.png

The probability density function is fractal-shaped, because numbers that have less digits are more probable to appear: like 0,1 0,2 .. on the graph.

Even if you only square a continuous random variable with even probability density function, you will not get logarithmic distribution, but 1/x shaped distribution..

Actually, it is sorta kinda logarithmic. I used this algorithm as way to learn how to use some data analysis software -- I generated about 100000 samples and plotted a histogram of the results. When you look at the results on a log-log scale, it looks remarkably linear.

However, looking more deeply, a pattern emerges that should have been obvious from looking at the code. The numbers are uniformly random with each decade (i.e. uniform between 1 and 10, and between 10 and 100, and between 100 and 1000, etc.). However, the probability density within any given decade is 10 times higher than the next decade, i.e. the density of numbers between 1 and 10 is ten times greater than the density between 10 and 100, which is in turn ten times greater than between 100 and 1000, etc. As I said, this should have been obvious from the start, but I didn't realize it until I started playing with the analysis software and looking at details of the distribution.

Note: The distribution is not comparable to squaring a continuous random variable: random*random is not the same as (random)**2. Nor is the distribution fractal-shaped -- again, it's stepwise linear with the steps being logarithmically distributed along both axes.

juyjjh2008-03-20 03:37

The best rated mp3 players are a quick and easy way to reduce the all range of players to just a few you're most likely to prefer.
cheap mp3 player By learning from the feedback of other people, you can more easily find the pros and cons of those mp3 devices.
buy mp3 player After all, the best rated mp3 players have been approved by thousand of people out there, The task of choosing a single mp3 player from the thousands of different brand/models out there might seem daunting at first.
mp3 player Even after removing all those that don't suit you, you'll still be looking at a dozen or more, By searching the best rated mp3 players, you'll easily find those that have already been tested by many mp3 users out there.
MP3 PLAYER kaufen It will certainly give you a more accurate ideas you'd only be aware after you buy one,
While sometimes the best for everyone is not the best for you.
mp3 player other times it will prove to be a precious ally when you're trying to choose between a couple of mp3 players.
mp3 By taking a careful look at the best rated mp3 players, it's like having thousand of friends letting you know their opinion.

Oded2008-03-22 19:37

This is actually not as bad as it seems - inefficient as all hell, but assuming your seed your RNG properly (it isn't in the listing, but it can be done outside this code easily), then you get this:
- getRandomNumberOfDigits() is pretty stupid as no matter how many times you are calling Math.random() you'll only get 6.6 bits of entropy, but it doesn't matter much:
- its hard to analyze the output of getRandomDigitString() as the amount of entropy you get out of it varies from call to call, but assuming that on average you'll get 50 digits then the result of random() would have on average 2*(50*3.3) = 330 bits of entropy, which isn't half bad considering Math.random() generates a predictable 53 bits of entropy per call.

The problem is of course (again, aside from the inefficiencies) that you are going to get a random amount of entropy from each call (a random amount of randomness if you will) which can be very little - as low as a few bits, especially with the first few calls if you haven't seeded your RNG - which is not what you want when you want to be secure in your randomness

Peter2008-08-12 00:34

Nah, they'd just pick up the 3 and 7 and smack them together a bunch.

I'd hate to see them come up with a number between 1 and 10 with this strategy. Especially since every number they obtain is going to be anywhere from 0 to 10^100.

yes it more random because you get a RANDOM^2 number!!!11one-eleven... and so on :)

Well, since the range is so huge, I would have thought that just taking the result modulo ten should give a sufficiently even distribution; it's not like taking a 7-bit random from 0-127 modulo ten where each of the numbers 0-7 get 'one extra chance' to be picked than the others.

However looking at their code, I can only assume they'd generate a random number between 1 and 10 by calling the random routine and repeatedly looping until they got one that fell in range.....

... that could take a little while.

Random numbers are serious business. In cryptography, a secure random number generator can mean the difference between impossible to crack and trivial to break.

This code is just an EPIC FAIL in every way.

Let rand return a number between 2 and 9.

Multiply by 9.

Add the digits of the result together.

Subtract 5.

This should be as random as I need to get and as everyone knows, a formula is better than just calling rand().

Actually, depending on the algorithm, the more times you call it, the more predictable it becomes.

"Random numbers should not be generated with a method chosen at random."

Well I suppose they could do answer % 10 + 1, but I'm sure they have a much more convoluted function that does the same thing.

the more i read this sentence, the less "random" looks like a proper word..

return (int) ((Math.random() * 100) * Math.random());

}

You have *GOT* to be kidding me! Where's your sarcasm detector?

DUDE...

"Wonder what they're doing that needs super-extra-ultra random numbers? "

They are getting paid by the line of code developed.

with apologies to xkcd.

After all, it's theoretically possible that your perfectly-random die rolls repeated 1's. And your callers wouldn't know any different, unless they kept a history (which most don't)

;-)

Nine, Nine, Nine, Nine, Nine, Nine, Nine, Nine.

OMGZ that totally equals my birthday! It really DOES work!

Now forward this to 20 friends or u'll have bad luck. LOLZ.

Irish

shewere drunk too. Rowr.There, fixed that for ya.

{

int ret;

printf("Please throw the dice that you will find under your chair and enter the result");

scanf("%d",&ret);

return ret;

}

Does true randomness typically lean towards smaller values?

* getRandomDigit does a pretty reliable job of returning one of the ten strings '0' through '9'... I think.

* getRandomNumberOfDigits generates a number between 0 and 100, then multiplies it by a number between 0 and 1, generating a significantly less random number between 0 and 100. It converts it to an integer, so the number will probably be between 0 and 99. Converting to integer already does a pretty good job of de-randomizing the number, so the multiplication really just wastes clock cycles.

* getRandomDigitString calls getRandomNumberOfDigits to see how many numbers should be in the string. However, getRandomNumberOfDigits could return zero. So it discards 1% of its randomness and equates "zero digits" to "one digit", with that digit being "0". Maybe it only eliminated 0.1% of the randomness.

* Finally, take a nearly-random string of 1-99 numbers (with a greater than 1% chance that the string is "0"), add a decimal, add another nearly-random string of 1-99 numbers (again, good odds that the string is "0"), and cram it into a Double.

This is about as good a WTF as you can get. The function works without error, doing exactly what it was programmed to do, but the world would be a better place if it would just throw a "YOU CAN'T BE SERIOUS" error and die.

fprintf(stderr, "DICE_NOT_FOUND");

Captcha: caecus

This is a ordered version of 20 runs, note how it goes from very very small, to very very big, very very quickly. Very very.

The numbers look about the same with thousands of runs, very small then very big. I saw a few plain "0"s too.

It's interesting to note though, that not only do the numbers themselves vary, but so does their randomness.

Assuming math.random is evenly distributed between 0.0 <= x < 1.0

then number of digits is going to peak around 25 in't it?

so then your distribution of actual values is some freaky integral of an exponential.

Hi there - OP here. I can't believe nobody mentioned that no routine that depends upon a random number generator can ever really be any more random than the underlying generator being used. In other words, assuming that the routine is implemented perfectly (as many have pointed out, it's not), it can never be any more random than: Math.random()

that always equals 4. Why not just use xkcd's version, it's less wordy, but has the same result.

Hey, I DID that. Didn't know random number existed, was using pascal, was years ago, one of my very first programs. You feel ashame when you discover there exist a random() function :/

At least it wasn't professional :D

I think it was sarcastic.

int counter = -1;

public int getRandomInt() {

counter++;

switch (counter) {

case 0:

return 4;

case 1:

return 2;

case 2:

return 5;

case 3:

return 4;

//and so on

default:

//this can't happen anyway....

throw new SomeException();

}

}

You just need to do a proper sizing on project start and some cheap labor to roll dice. You could even sell updates to your software supplying new randomness!

{

return "moo";

}

Average length from getRandomNumberOfDigits: 37

Execution time for 1000 iterations: .3 seconds

And just using rand(0, rand(0, 100))

Average length: 50

Execution time for 1000 iterations: .009 seconds

On top of that I seriously doubt they actually use a 10^rand(0, 100) number, but rather trim it...

Epic Fail!

Because xkcd's isn't a formula, mine has to be better!

This is actually way more insightful than most people might know. The Math.random() method already generates the maximum amount of entropy in its output that it can (entropy you can think of as being a measure of randomness). By distilling a sequence of random numbers into digits, you are reducing the possible outputs from billions and billions to ten. You're reducing the ideal entropy of the function (just looking purely at the output size), so necessarily the actual entropy cannot be any greater than that (think of it sorta like the laws of thermodynamics but with bits).

So... in short... I REALLY hope that the comment at the top about making Math.random() more random isn't what they actually thought, because the output of this function is way less random than Math.random().

Truly, the real wtf is that they already knew about Math.random() and didn't use it. If you're doing something crypto-wise you should just use one of the well-established crypto methods like blum-blum-shubb.

Sorry about the super verbose comment. As a crypto programmer, I just thought I'd weigh in.

Cheers!

- max

random_comment()

http://xkcd.com/221/

Generating unique IDs, obviously :D

Wow, I can't believe no one posted that before you.

Oh wait like 3 people did.

Here is the density curve:

Now a slight zoom around zero, see the nice curious peaks? Well at least the got a somehow fractal function. smaller peaks are around big peaks, with smaller peaks around them, etc. A shame it stops after 100 iterations :D. Wait, it's exactly the maximum number of digits :p!

That sure is so much better than what you get out of Math.random(), isn't it? That variations in the density is probably so bad (probably due to my naive way of calculating it, which is perfectly correct for non random generator using 100 digits in string :p!

The calculation code, for the fun :D (Yes, i know it's a wtf, the randomizer deserves it!)

Those 5 tracks played WAY more often than they ought to, and I realized that the damn thing was randomly selecting a folder THEN randomly selecting a track. Those 5 songs then had a 50% chance of being played vs. the other 95! I'd have a 10% chance of hearing one of the first folder's songs, and a just-over 0.5% chance of hearing the other 95!

All I can say is... good job Sony!

tchize, this is fabulous.

Ironically, I hope :D

There is a certain beauty in it, however, and for once on TDWTF it has very little to do with the code. Read the comments:

/**

* We all know that random number generators aren't truly random.

* This class generates random numbers a bit more randomly.

*/

C-style comment, proposing a lemma that is (in practice) indefensible; followed by an indefensible conclusion.

// Allow this to be instantiated in parallel in multiple threads

C++-style comment, ignoring the obvious distinction between "instantiated" and "used." Putting my cone-head hat on, I might want to question why there's no "serialize" here.

Putting my OMFGWTF hat on, I'm no longer sure that I care.

In a truly random number generator, the probability of any number being returned is exactly the same as the probability of any other number being returned, every time it is invoked.

For a pseudo-RNG based on mathematical transformation of the previous value, the probability is skewed because they simply won't return the same value twice in a row. This means that given prng(N) = k, the probability that prng(N+1) = k is zero, which is against the definition of being truly random.

Using atmospheric noise (hardware-based) is probably as close as you can get to truly random, but even that doesn't necessarily create a perfectly even distribution of probability across all its possible values. It just makes it non-deterministic in terms of the state of the software using it.

Of course, that's the whole idea here, isn't it?

to guess a number of times to guess a number. Too bad that

logic can't replace common sense and good education, ie. one that at least includes math.

Well, at least that explains the root-kit thing.... Sort of.

Super extra ultra random security algorithms of course.

Second, it should throw random exceptions with randomized lorem ipsum error messages to throw off malicious callers.

Third, the number system should be randomized, using a random alphabet and a random parse function instead of Double.parseDouble. This parse function should

pretendto parse the input, but may randomly return something else entirely, like the above mentioned 999999. The caller can never be sure what's actually returned. You cannot be too paranoid after all.And now for something completely different...

Melchett: Now, Field Marshal Haig has formulated a brilliant tactical plan to ensure final victory in the fieldBlackadder: Would this brilliant plan involve us climbing over the top of our trenches and walking, very slowly towards the enemy?Darling: How did you know that Blackadder? It's classified informationBlackadder: It's the same plan we used last time, and the seventeen times before thatMelchett: E-e-exactly! And that is what is so brilliant about it. It will catch the watchful Hun totally off guard. Doing exactly what we've done eighteen times before will be the last thing they expect us to do this time.1) generate lots of random numbers (e.g. 1000)

2) put those random numbers into an array

3) when you need a random number

3.1) generate a random number in the range 0-array.size

3.2) use the number in the array as your random number, scaling as necessary

3.3) generate a new random number for that place in the array

Use the same singleton random number generator for all steps - takes advantage of 'random number generators get more random over time'.

Discuss.

(1)It doesn't actually do any real harm by discarding entropy.

(2)It changes the distribution from which the random numbers are drawn, from linear to (truncated) logarithmic.

Quadratic distribution of the number of digits??? Where do people come up with this stuff...

(don't tell my gf i just said that)

:]

the irish i were drunk chick i mean ;]

Actually, it can, and this algorithm actually does it, in a extremely backwards way.

What am I talking about?

Well, most random number generators I've seen in various languages have a limited resolution. Just because they generate a random number with a bunch of decimals does not mean that they are able to generate every number in that interval. Sure, if you are just goint to scale it up to 1-100, it's no problem, but once you try to scale it up to, say 1-1000 000, you'll notice that, no matter how long you run them, some results will never, ever show up. In some cases, it's even noticable in a scale of 1-10 000 or less.

OK, I admit, I've not tried it to the point of "never ever", but close enough. In most cases, you can even see patterns where these "holes" are going to appear. For instance, in some archaic version of C, getting random X and Y coordinates and plotting them on a white screen as black pixels generated a black screen with thin white stripes going diagonally down the screen.

If you need such a resolution, another algorithm is needed. One variant is the one used here, to piece it together from random digits, as that only relies on having a resolution capable of handling ten cases.

Another, variant, which is faster and simpler, but not guaranteed to be perfect, is to add a bunch of random numbers and wrap if they overflow. This can be made less likely to have holes by adding gradually smaller numbers, thus using the sufficient resolution of a smaller span to plug the holes. This algorith still can't guarantee an even distribution of all results, but at least all results are likely to appear in the resulting data set if run long enough.

In other words, the thought behind the code in this WTF is sound, but the implementation of it is effed up.

I suppose java.security.SecureRandom wasn't random enough either.

Maybe it's time to build an external USB random generator. I'm thinking something that actually throws a dice and reads the output ;) Anyone who REALLY wants random numbers would have to get one.

1) get a (pseudo)random number.

2) Multiply by the number of degrees of the angle that Venus , Hermes and Earth form at that moment. Needless to say we're talking about the angle at the Earth node of the triangle.

3) Subtract the the number of geese presently in flight in your country's air space.

4) Add the number of milliliters of gas present in Bill Gates' lower intestine.

5) Divide by the distance from your PC (front left-hand corner of case) to Neil Armstrong's footprint on the moon (toes). Distance to be measured in number of Hindenberg zeppelin lengths (pre-crash).

6) Add the chances of you marrying a supermodel.

7) Multiply by the number of Google hits for the word "Nazi".

8) Random number!!

Amateurs...

And don't forget to use the "random sort" algorithm:

:D

Well... leaving out the

=0part would make the result more arbitrary (but not more random)...Um... with a compiler that doen't warn you against missing

returnstatements, you'll get quite arbitrary (but not random) return values from this function.But random =/=> uniform distribution!

What do you mean "true randomness"? Guassian noise (as you would get with any physical measurement) is not "true randomness"?

Because what you say below is wrong:

What do you mean by "more random"? Is Gaussian distribution or Poisson distribution "less random" than uniform distribution? Why? By what measures?

N.B. For simulations, I've written code (well... adopting/copying from pseudocode of pretty standard and known to be correct and fast algorithms) that generates random numbers with Gaussian distribution and Poisson distribution (as well as others). This is a very typical use of non-uniformly distributed random numbers. These algorithms use a uniformly distributed random number generator as a source. So, the quality of the generated numbers is delegated to quality of the source generator, and pretty good ones can be found. (On Linux, this can be based on /dev/random -- a true source of randomness.) Are you saying that an exponentially distributed random number generated algorithmically from a uniformly distributed random number source (of high quality) is "not very random"?

No, it won't be more random, because the source generator generates a specific sequence of numbers, and using successive calls to build one number guarantees that parts of the number are based on other parts.

Not to mention that calling random so many times in a row for every random number you produce massively shortens the time until repetition.

Putting these together means that even if implemented optimally, doing this is just a tradeoff between length of random number and the "randomness" of the number.

If you want random numbers from -inf to +inf, better to just use a random generator that outputs 64 bits of random and reinterpret it as a double (handling NaNs etc as necessary).

Create a table in a database with only one column and make it an integer. Set the value of the first row to 0.

For each person who enters you website and needs a random number take the value of that row and assign it to them and then increase the value by 1. Once it reaches the maximum value reset it to 0.

Obviously if you want to get a number in the range 0->X then divide the value in the row by the maximum value and multiply by X.

Ultra Random!

I can recall that a few cracks came out for rsa, because it was possible to reduce the search number space by a few orders of magnitude by exploiting limitations in random number generators of the machine that made the private key.

This is why pgp implemented this random number generator.

For typical statistical and engineering programming, though, I think the standard random functions would be fine.

It went to sleep four hours before I posted.

They are cheap, right?

I think that's what we call a "page counter"

http://dudegalea.co.uk/articles/4dc5.html

which is clearly random by definition, and therefore brillant. :-)

http://en.wikipedia.org/wiki/Bogosort

Of course if they are worried about repetition then simply implement a RNG that has a larger period. I would recomment the Mersenne Twister MT19937(http://en.wikipedia.org/wiki/Mersenne_twister) with its period of 2^19937 - 1. Then they could generate as many of these dooper-random numbers without repetition (at least in this universal lifetime).

The code for implementation is available in a number of different languages. Not cryptographically secure in its basic form, but ideal for large sample monte carlo simulation type uses.

This comment brought to you by the society to ruin the joke by being serious ;)

Not after I send my application off to the USPTO!

While the programming isn't stellar, the real problem here is the author's complete and utter misunderstanding of "randomness". Hopefully they're not doing anything dependent on good random numbers!

If they aren't random then why use them?

int Random()

{

Return Random();

}

B'cos it doesn't compile! :)

Not as long as you might think. The distribution of getRandomNumberOfDigits is heavily biased towards smaller numbers, so you're actually more likely to get a number from 1 to 10 than from 11 to 100, which is more likely than a number form 101 to 1000, and so on. So you see, it's really an optimization to make sure their looping algorithm runs faster. After all, who knows how long it'd run if they just did "while (x > 10) x = Math.Random()*10000000000;"?

Who knows? Of course, man (not just God) knows.

Let Y be the no. of time that Math.Random() gets executed in a call of this code fragment.

Assume the precondition x>10 upon entry.

Assume further that Math.Random()*10000000000 returns an integer between 0 and 999999999 (inclusively) with even distribution.

Then, Y is a geometrically distributed random variable, with P(Y=1) = 1e-9, P(Y=2) = (1 - 1e-9) * 1e-9, ...

In general,

P(Y=y) = 1e-9 * (1 - 1e-9)^(y-1)

The mean of Y is E(Y) = 1/1e-9 = 1e9 = 1000000000. i.e. the body of the loop runs 1000000000 times on average, under the assumptions stated above.

what will be will be

randomness is illusion

perception's limit

tchizebrought: http://img142.imageshack.us/my.php?image=density1ia8.png???

The probability density function is fractal-shaped, because numbers that have less digits are more probable to appear: like 0,1 0,2 .. on the graph.

Even if you only square a continuous random variable with even probability density function, you will not get logarithmic distribution, but 1/x shaped distribution..

I tried typing that in to my browser, but the letters got all muddled up.

Can I borrow an infinite number of monkeys, please?

pick an index within this array by an prng,

use this the number at this index as seed for your prng,

and still be as random as your prng is ?

What offshore code has a comment? Much less one that well written?

Actually, it is sorta kinda logarithmic. I used this algorithm as way to learn how to use some data analysis software -- I generated about 100000 samples and plotted a histogram of the results. When you look at the results on a log-log scale, it looks remarkably linear.

However, looking more deeply, a pattern emerges that should have been obvious from looking at the code. The numbers are uniformly random with each decade (i.e. uniform between 1 and 10, and between 10 and 100, and between 100 and 1000, etc.). However, the probability density within any given decade is 10 times higher than the next decade, i.e. the density of numbers between 1 and 10 is ten times greater than the density between 10 and 100, which is in turn ten times greater than between 100 and 1000, etc. As I said, this should have been obvious from the start, but I didn't realize it until I started playing with the analysis software and looking at details of the distribution.

Note: The distribution is not comparable to squaring a continuous random variable: random*random is not the same as (random)**2. Nor is the distribution fractal-shaped -- again, it's stepwise linear with the steps being logarithmically distributed along both axes.

cheap mp3 player By learning from the feedback of other people, you can more easily find the pros and cons of those mp3 devices.

buy mp3 player After all, the best rated mp3 players have been approved by thousand of people out there, The task of choosing a single mp3 player from the thousands of different brand/models out there might seem daunting at first.

mp3 player Even after removing all those that don't suit you, you'll still be looking at a dozen or more, By searching the best rated mp3 players, you'll easily find those that have already been tested by many mp3 users out there.

MP3 PLAYER kaufen It will certainly give you a more accurate ideas you'd only be aware after you buy one,

While sometimes the best for everyone is not the best for you.

mp3 player other times it will prove to be a precious ally when you're trying to choose between a couple of mp3 players.

mp3 By taking a careful look at the best rated mp3 players, it's like having thousand of friends letting you know their opinion.

- getRandomNumberOfDigits() is pretty stupid as no matter how many times you are calling Math.random() you'll only get 6.6 bits of entropy, but it doesn't matter much:

- its hard to analyze the output of getRandomDigitString() as the amount of entropy you get out of it varies from call to call, but assuming that on average you'll get 50 digits then the result of random() would have on average 2*(50*3.3) = 330 bits of entropy, which isn't half bad considering Math.random() generates a predictable 53 bits of entropy per call.

The problem is of course (again, aside from the inefficiencies) that you are going to get a random amount of entropy from each call (a random amount of randomness if you will) which can be very little - as low as a few bits, especially with the first few calls if you haven't seeded your RNG - which is not what you want when you want to be secure in your randomness