- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Admin
What do you mean by "more random"? Is Gaussian distribution or Poisson distribution "less random" than uniform distribution? Why? By what measures?
N.B. For simulations, I've written code (well... adopting/copying from pseudocode of pretty standard and known to be correct and fast algorithms) that generates random numbers with Gaussian distribution and Poisson distribution (as well as others). This is a very typical use of non-uniformly distributed random numbers. These algorithms use a uniformly distributed random number generator as a source. So, the quality of the generated numbers is delegated to quality of the source generator, and pretty good ones can be found. (On Linux, this can be based on /dev/random -- a true source of randomness.) Are you saying that an exponentially distributed random number generated algorithmically from a uniformly distributed random number source (of high quality) is "not very random"?
Admin
Not to mention that calling random so many times in a row for every random number you produce massively shortens the time until repetition.
Putting these together means that even if implemented optimally, doing this is just a tradeoff between length of random number and the "randomness" of the number.
If you want random numbers from -inf to +inf, better to just use a random generator that outputs 64 bits of random and reinterpret it as a double (handling NaNs etc as necessary).
Admin
You want blazing inefficiency? Try this if you want random numbers on a website(it just popped into my head):
Create a table in a database with only one column and make it an integer. Set the value of the first row to 0.
For each person who enters you website and needs a random number take the value of that row and assign it to them and then increase the value by 1. Once it reaches the maximum value reset it to 0.
Obviously if you want to get a number in the range 0->X then divide the value in the row by the maximum value and multiply by X.
Ultra Random!
Admin
I remember with pretty good privacy, to generate a private key, you were given the option of mashing the keyboard to create a random number. If I recall correctly, it used the milliseconds(modulo some number < human reaction time) to seed a random number generator.
I can recall that a few cracks came out for rsa, because it was possible to reduce the search number space by a few orders of magnitude by exploiting limitations in random number generators of the machine that made the private key. This is why pgp implemented this random number generator. For typical statistical and engineering programming, though, I think the standard random functions would be fine.
Admin
It went to sleep four hours before I posted.
Admin
You pay peanuts, you get monkeys - sometimes literally.
They are cheap, right?
Admin
I think that's what we call a "page counter"
Admin
I think they should just use my 4dc5 sequence:
http://dudegalea.co.uk/articles/4dc5.html
which is clearly random by definition, and therefore brillant. :-)
Admin
Admin
Of course if they are worried about repetition then simply implement a RNG that has a larger period. I would recomment the Mersenne Twister MT19937(http://en.wikipedia.org/wiki/Mersenne_twister) with its period of 2^19937 - 1. Then they could generate as many of these dooper-random numbers without repetition (at least in this universal lifetime).
The code for implementation is available in a number of different languages. Not cryptographically secure in its basic form, but ideal for large sample monte carlo simulation type uses.
This comment brought to you by the society to ruin the joke by being serious ;)
Admin
And just in case it isn't enough to compound Random(), re-entrancy issues will probably introduce their own unpredictability in this...
Admin
Not after I send my application off to the USPTO!
Admin
In case anyone missed it, the major wtf here is that the distribution represented by this class is NOT the uniform distribution (which most people expect -- be as likely to return "1" as "100001"). In particular, shorter numbers are more likely to occur than longer ones (because the length is chosen from a uniform distribution and then each digit is chosen independently from a uniform distribution).
While the programming isn't stellar, the real problem here is the author's complete and utter misunderstanding of "randomness". Hopefully they're not doing anything dependent on good random numbers!
Admin
Lollollollollllloooll If they aren't random then why use them?
Admin
This does not change the randomness but the probability density function. If Math.random() is uniformly distributed, this function returns logarithmic distributed random values (which is probably not intended by the author).
Admin
Why don't they just do this?
int Random() { Return Random(); }
Admin
Admin
Not as long as you might think. The distribution of getRandomNumberOfDigits is heavily biased towards smaller numbers, so you're actually more likely to get a number from 1 to 10 than from 11 to 100, which is more likely than a number form 101 to 1000, and so on. So you see, it's really an optimization to make sure their looping algorithm runs faster. After all, who knows how long it'd run if they just did "while (x > 10) x = Math.Random()*10000000000;"?
Admin
Who knows? Of course, man (not just God) knows.
Let Y be the no. of time that Math.Random() gets executed in a call of this code fragment. Assume the precondition x>10 upon entry. Assume further that Math.Random()*10000000000 returns an integer between 0 and 999999999 (inclusively) with even distribution.
Then, Y is a geometrically distributed random variable, with P(Y=1) = 1e-9, P(Y=2) = (1 - 1e-9) * 1e-9, ... In general,
P(Y=y) = 1e-9 * (1 - 1e-9)^(y-1)
The mean of Y is E(Y) = 1/1e-9 = 1e9 = 1000000000. i.e. the body of the loop runs 1000000000 times on average, under the assumptions stated above.
Admin
I love the comment next to the standard Java constructor. Yeah, dude, your constructor is TOTALLY there for parallelization and you're not just throwing that in to look badass. Suuure.
Admin
Especially when you call it at random!
Admin
I think it's for their next step.... the Random namespace, which includes the Random class, so they can add it all to their Random app.
Admin
I take it the coder hasn't heard about random.org.
Admin
why not use a secure random number generator if it matters that much?
Admin
Randomness haiku:
what will be will be
randomness is illusion
perception's limit
Admin
at least your offshore guys write better code than mine. I would be proud if mine could write that.
Admin
The best part is that it runs in parallel. So parallel streams will have potentially similar seeds in the random number generator meaning high correlation between the parallel random number generators.
Admin
It does not return logarithmically distributed function! Didn't you see the graphs tchize brought: http://img142.imageshack.us/my.php?image=density1ia8.png
???
The probability density function is fractal-shaped, because numbers that have less digits are more probable to appear: like 0,1 0,2 .. on the graph.
Even if you only square a continuous random variable with even probability density function, you will not get logarithmic distribution, but 1/x shaped distribution..
Admin
Can I borrow an infinite number of monkeys, please?
Admin
why don't you fill an array of numbers generated by a prng, pick an index within this array by an prng, use this the number at this index as seed for your prng, and still be as random as your prng is ?
Admin
This must be a spoof. What offshore code has a comment? Much less one that well written?
Admin
Actually, it is sorta kinda logarithmic. I used this algorithm as way to learn how to use some data analysis software -- I generated about 100000 samples and plotted a histogram of the results. When you look at the results on a log-log scale, it looks remarkably linear.
However, looking more deeply, a pattern emerges that should have been obvious from looking at the code. The numbers are uniformly random with each decade (i.e. uniform between 1 and 10, and between 10 and 100, and between 100 and 1000, etc.). However, the probability density within any given decade is 10 times higher than the next decade, i.e. the density of numbers between 1 and 10 is ten times greater than the density between 10 and 100, which is in turn ten times greater than between 100 and 1000, etc. As I said, this should have been obvious from the start, but I didn't realize it until I started playing with the analysis software and looking at details of the distribution.
Note: The distribution is not comparable to squaring a continuous random variable: random*random is not the same as (random)**2. Nor is the distribution fractal-shaped -- again, it's stepwise linear with the steps being logarithmically distributed along both axes.
Admin
This is actually not as bad as it seems - inefficient as all hell, but assuming your seed your RNG properly (it isn't in the listing, but it can be done outside this code easily), then you get this:
The problem is of course (again, aside from the inefficiencies) that you are going to get a random amount of entropy from each call (a random amount of randomness if you will) which can be very little - as low as a few bits, especially with the first few calls if you haven't seeded your RNG - which is not what you want when you want to be secure in your randomness
Admin
Nah, they'd just pick up the 3 and 7 and smack them together a bunch.
Admin
hmm...let me guess, that was a Debian Maintainer?