Bruce Schneier
Schneier on Security
A blog covering security and security technology.
« Scanning People's Intentions | Main | The Doghouse: Onboard Threat Detection System »
February 15, 2007
Random Number Humor
I'll bet this sort of problem is pretty common.
Posted on February 15, 2007 at 2:38 PM • 47 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Dice • February 15, 2007 3:29 PM
Hmm ...
I thought this one was much funnier.
http://xkcd.com/c155.html
Back to topic.
I remember being given instructions to set a password on a service account using a computer password generator program. The instruction also required adding some human random parts in the middle of the computer generated password as well. I asked why and was informed that the author of the instruction did not fully trust machine generated passwords and therefore liked to add a bit of human randomness. I suppose it made sense; unless you've written the code, you don't know how 'random' machine generated data is and even then you could be wrong.
bebe • February 15, 2007 3:44 PM
155 was good, too. I wonder how 'tire iron' figured with someone obsessed with raptors.
I think to be a seriously geeky joke, you have to get it without reading the comment.
I confess to needing the comment, and I thought it was pretty funny.
Paul Crowley • February 15, 2007 3:50 PM
Brian - laughing at any of xkcd makes you a geek. Don't worry.
"I think to be a seriously geeky joke, you have to get it without reading the comment."
I meant to say "I think to be a serious geek, you have to get it without reading the comment."
Carlo Graziani • February 15, 2007 4:00 PM
From "Numerical Recipes in C", chapter 7 ("Random Numbers"):
"One infamous such routine, RANDU [...] was widespread on IBM mainframe computers for many years, and widely copied onto other systems. One of us recalls producing a "random" plot with only 11 planes, and being told by his computer center's programming consultant that he had misused the random number generator: "We guarantee that each number is random individually, but we don't guarantee that more than one of them is random." Figure that out."
Arthur S • February 15, 2007 4:11 PM
I think the following http://web.archive.org/web/20011027002011/http://... also would make a good candidate as well
Undecidable • February 15, 2007 4:26 PM
I got stuck on the title.
Is it: (Random Number) Humor
or: Random (Number Humor)
I couldn't find any authoritative rules for the precedence of noun vs. adjective.
I think we should have a specification. But should it be submitted to ACM or IEEE?
Ctrl-Alt-Del • February 15, 2007 4:30 PM
We have prize drawers at our Christmas functions. These traditionally use "ticket drawn from a hat" model. One year the group organising it decided "Hey, we're a technology area, we should have a computerised drawing!" and they dumped the task of writing it on me.
I never win these prize draws, so I was not enthusiastic, but I did my best. I wrote a nifty little random number routine with a cute graphical front end. Input a list of names and it would output the name of the winner. I made an honest effort to ensure randomness within the limitations of the PC.
I tested it extensively and it worked perfectly. Come the day of the Christmas party ...
... and guess whose name popped out?
I've never lived it down.
Mae West • February 15, 2007 4:37 PM
@Ctrl-Alt-Del
> I've never lived it down.
Then you may as well be living it up.
Sgt. Riggs • February 15, 2007 4:40 PM
ctrl-alt-del:
"I never win these prize draws, so I was not enthusiastic, but I did my best."
It looks like you did just fine. Well done.
Peter • February 15, 2007 4:47 PM
@Arthur S
I thought of that Dilbert cartoon immediately.
My current email sig contains this quote:
"The generation of random numbers is too important to be left to chance." --Robert R. Coveyou
Spider • February 15, 2007 4:53 PM
In high school the first programming assignment of any difficult was to program a number guessing game. a "Guess which number I'm thinking of" -- sort of deal. At least 75% of the class would forget to seed the random number generator in Microsoft pascal. I used to impress people by getting the answer right the first time on their implementations.
UNTER • February 15, 2007 4:57 PM
Well, I would have found it funny, but the redundant coding style ruined the joke for me. Real geek humor:
grn() {return 4;} // grntd rnd frm dce rl
or
#define grn 4 //grntd rnd frm dce rl
Rich • February 15, 2007 5:19 PM
Reminds me of the A7 Navy plane that reported an alttitude of 3750ft if both altimeters (barometric and rader) were broken. Software Engineer D.L. Parnas couldn't figure out why the flight manual said that if the altimeter held at 3750, "Pull Up!"
adcw • February 15, 2007 5:39 PM
@UNTER - Now that is style. You'd probably appreciate this: http://www.elks590.org/main/cooltest.htm
Beryllium Sphere LLC • February 15, 2007 5:50 PM
It's both funny and profound, because "random" is one of those words everyone thinks they understand but which is diabolically difficult to define.
One easy way to think about it is that when someone says "random number generator" you should hear it as "random (number generator)" and not "(random number) generator". That's a good informal way to understand the principle that "entropy is a property of the source and not of the output".
There was a real-life case kind of like the xkcd cartoon. I believe it was Netscape that generated SSL keys based on the time of day. Problem was, only a few of the theoretically possible keys could actually be generated that way. It was millions of times better than just returning "4", but still an example of feeding too limited a source of input to a place that needed full randomness.
bjimba • February 15, 2007 6:01 PM
It seems to me that xkcd's program is perfectly correct, as long as the dice roll was fair. The unspoken (or uncommented) assumption, of course, is that it is for a one-time use program.
It would be interesting to see how the compiler would enforce this restriction. (I'm sure we remember how the Mission Impossible tape recorder used to enforce a similar restriction.)
Pat Cahalan • February 15, 2007 6:13 PM
"Make me a sandwich"
"What!? Make it yourself"
"Sudo make me a sandwich"
"Okay"
That was seriously still cracks me up.
Nate • February 15, 2007 6:25 PM
Actually, the most common random number seems to be 17. I didn't see this on this blog, so hopefully it's not a repeat.
David Thomas • February 15, 2007 8:29 PM
Best nerdy xkcd of late:
http://xkcd.com/c215.html
Not funniest, but...
DJ • February 15, 2007 8:40 PM
Beryllium, I remember that Netscape story well. I was in the room that weekend when Ian Goldberg declared victory in breaking the SSL. Didn't realize the significance until Monday's NT Times came out. Hehe. If only I knew how to short Netscape stocks.
jwd • February 15, 2007 9:20 PM
What's funny about that? This is almost the same implementation used by Apple in their Javascript.
Mordaxus • February 15, 2007 9:29 PM
Tsk. There's a bug in the code. If they had really used a fair die, it would have come up with 17.
Blair • February 15, 2007 9:37 PM
I am surprised that no one pointed out this one.
especially here...
Anonymous • February 15, 2007 9:40 PM
Let's not forget John von Neumann:
``Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin.''
Kevin Way • February 16, 2007 12:36 AM
I'm just pleased that one of my favorite comic strips of all time got linked by one of my favorite blogs.
greg • February 16, 2007 2:39 AM
all jokes aside. Why don't all computers have some hardware based random number generator. They don't need to be as expensive as the comercial ones, and they don't need super high through-put.
I have wired up a few myself. Based on the waiting times between radation decays (I used a FPGA with a 64 bit LFSR counter, and output the state when a decay was detected-Still need to process this thou). You don't even need a radioactive source as you can use the background. Still need to entropy check the thing though, but it really isn't that hard.
And anyway everyone knows that real random number generators output primes, cus composisite numbers stink by factors.
Dilbert Reader • February 16, 2007 7:22 AM
I actually liked a Dilbert from a few years ago better.
Dilbert comes across the "Random Number Department" where a guy is sitting at his desk repeating "3... 3... 3... 3..."
Dilbert says something along the lines of, "It's not a random number if you always say '3'!"
To which the man replies, "Ah. But how you don't know it will always be '3'." Then he continues, "3... 3... 3... 3..."
(Sorry, Scott, for how I butchered your comic.)
Dave Aronson • February 16, 2007 7:48 AM
@Ctrl-Alt-Del:
> We have prize drawers at our Christmas functions.
So long as they're kept on....
Carlo Graziani • February 16, 2007 9:29 AM
Greg, on a linux box, "man urandom".
..."The random number generator gathers environmental noise from device
drivers and other sources into an entropy pool. The generator also
keeps an estimate of the number of bits of noise in the entropy pool.
From this entropy pool random numbers are created..."
Steve • February 16, 2007 10:11 AM
@ DJ and Beryllium,
I used Goldberg and Wagner's Netscape activities as a hint to look at the Kerberos v4 RNG in the mid '90s. Same shit, different pile.
https://www.cerias.purdue.edu/tools_and_resources/bibtex_archive/archive/97-01.pdf
Steve
X the Unknown • February 16, 2007 2:25 PM
@Undecidabl: "I think we should have a specification. But should it be submitted to ACM or IEEE?"
That's why we have the much-maligned and often-discouraged hyphen. Properly used, it easily distinguishes "Random-Number Humor" from "Random Number-Humor".
supersaurus • February 16, 2007 2:33 PM
userdel -r megan would have worked better, even if disk space *is* cheap.
Fenris Fox • February 16, 2007 8:42 PM
Well, hey, at least it's truly random*!
The constant "code upkeep" required, however, may become tedious. =;o)
* This is assuming the dice are not loaded - but since having those is a felony in Nevada, they should do it here. After all, everyone follows laws, don't they? [sarcasm] =;o)
Fenris Fox • February 16, 2007 8:47 PM
@Peter
"My current email sig contains this quote:
"The generation of random numbers is too important to be left to chance." --Robert R. Coveyou"
Cute. =:o) :: giggle ::
Fenris Fox • February 16, 2007 8:49 PM
@Pat Cahalan:
""Make me a sandwich"
"What!? Make it yourself"
"Sudo make me a sandwich"
"Okay"
That was seriously still cracks me up."
That requires the root password. =;o)
Stefan Wagner • February 16, 2007 9:40 PM
Mhm. 17 is a pretty small random number, because it is prime, but really big random numbers, which are prime, are suspect.
Jay • February 17, 2007 11:57 AM
@greg
I recall reading a paper some years ago showing that seek-time differences in hard disks exhibited randomness due to random air turbulence from the spinning platter. It was not a high rate, but it was measurably random (if that's not oxymoronic).
aack • February 17, 2007 9:01 PM
I imagine all you discussiong (random number) generator and whatnot know about http://xkcd.com/c37.html
The forum thread (search for 'hyphen') contains great humour. :)
Subscribe to comments on this entry
Post a comment
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.
|
| Subscribe |
Subscribe via Kindle |
| Blog Menu |
SearchPowered by DuckDuckGoBlog Home Page
Archives by Date2013 J F M A M
Tags  |
| Latest Book |
more books by Bruce Schneier |
Comments