|
Nomnom Cookie posted:java.security.SecureRandom biyatch can you easily choose the distribution that this produces or is always just a uniform distribution in the specified range?
|
#
?
Sep 7, 2013 19:06
|
|
|
|
| # ? May 20, 2024 05:26 |
|
|
Isn't a uniform distribution a necessity for a CSPRNG?
|
|
#
?
Sep 7, 2013 19:13
|
|
|
hackbunny posted:Auto is not just convenient (especially to write foreach loops), but necessary due to the fact that in C++11 some expressions may have a type that you can't even express in code. For example, lambda expressions result in automatically generated objects with automatically generated type names that you simply can't know in advance I don't understand, is this some sort of name mangling issue? like that the type name encodes some type information that's not otherwise expressible in C++ and the encoding is platform dependent, or something?
|
|
#
?
Sep 7, 2013 19:26
|
|
|
Nomnom Cookie posted:java.security.SecureRandom biyatch did you c+p this from the s4ccurity fuckup megathread http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html
|
|
#
?
Sep 7, 2013 20:17
|
|
|
Hard NOP Life posted:Isn't a uniform distribution a necessity for a CSPRNG? therefore this is a language feature microsoft will implement in vc++ in approximately never loving ever
|
|
#
?
Sep 7, 2013 20:19
|
|
|
Hard NOP Life posted:Isn't a uniform distribution a necessity for a CSPRNG? the standard definition uses uniform distributions, but that's just because it makes a lot of proofs simpler. it's not integral to the concept
|
|
#
?
Sep 7, 2013 20:36
|
|
|
tef posted:poo poo hn says
|
|
#
?
Sep 7, 2013 20:37
|
|
|
mnd posted:Since it's Rustchat Q&A, can anyone tell me why they dropped typestates? I read something about this. They dropped typestates because they weren't really using them. It was a bunch of code to maintain, and it started getting out of date, so they dropped it. Rust has userland threads, or "lightweight tasks" or however they call it, and typestate is not as useful in that sort of situation. You can emulate typestate pretty well with phantom types (and linear typing), if you're willing to create a new object with a different phantom type. Keeping typestate in the same object is the sort of thing you'd want to be able to do a lot more in event-based programming with callback hell. Maybe you can emulate it there with phantom types, too, I haven't thought much about that, but if you can do it, it's a bit more of a hassle.
|
|
#
?
Sep 7, 2013 21:02
|
|
|
gucci void main posted:I'm putting my faith in Rust. It might take 10 years, but eventually the performance will resemble C's. It's basically a compile-to-C language right now as it is. There's just a whole bunch of inefficiencies in the implementation. Once they get ironed out, we'll finally be able to have our cake and eat it too. One language to rule them all.
|
|
#
?
Sep 7, 2013 23:31
|
|
|
Cocoa Crispies posted:did you c+p this from the s4ccurity fuckup megathread this is dalvik/apache harmony specific IIRC. basically, securerandom is a secure random unless you're developing for android.
|
|
#
?
Sep 8, 2013 00:20
|
|
|
gucci void main posted:I'm putting my faith in PHP. It might take 10 years, but eventually the performance will resemble C's. It's basically a compile-to-C language with HipHop right now as it is. There's just a whole bunch of inefficiencies in the implementation. Once they get ironed out, we'll finally be able to have our cake and eat it too. One language to rule them all.
|
|
#
?
Sep 8, 2013 01:05
|
|
|
Posting Principle posted:can you easily choose the distribution that this produces or is always just a uniform distribution in the specified range? gently caress if i know all i ever want is uniform. anyway if you have a uniform distribution isnt it straightforward to transform it to some other distribution?
|
|
#
?
Sep 8, 2013 01:09
|
|
|
Nomnom Cookie posted:gently caress if i know all i ever want is uniform. anyway if you have a uniform distribution isnt it straightforward to transform it to some other distribution? you can transform a uniform distribution to a gaussian easily by two different methods, at least
|
|
#
?
Sep 8, 2013 01:12
|
|
|
Max Facetime posted:I don't understand, is this some sort of name mangling issue? like that the type name encodes some type information that's not otherwise expressible in C++ and the encoding is platform dependent, or something? No, every single C++ lambda creates a unique unnamed type (even if they have the exact same signature and capture). There's literally no way to declare a lambda without either using the auto keyword or instantiating the std::function template. Apple quite sensibly just made C++ lambdas silently convert to blocks.
|
|
#
?
Sep 8, 2013 01:14
|
|
|
its cute when c++ guys are like wowee this c++11 stdlib has EVERYTHING! i bet no other language has a stdlib this good i mean what other language has support for threading, and a memory model, and atomic operations, and regexes
|
|
#
?
Sep 8, 2013 01:24
|
|
|
Nomnom Cookie posted:gently caress if i know all i ever want is uniform. anyway if you have a uniform distribution isnt it straightforward to transform it to some other distribution? if you know the other distribution's inverse CDF it's really easy (just pick a random value between 0 and 1 and apply the inverse CDF to it)
|
|
#
?
Sep 8, 2013 01:24
|
|
|
yaoi prophet posted:if you know the other distribution's inverse CDF it's really easy (just pick a random value between 0 and 1 and apply the inverse CDF to it) apparently this operation is part of c++11 which is weird cause usually c++ guys love the hell out of yak shaving
|
|
#
?
Sep 8, 2013 01:26
|
|
|
erlang makes a lot more sense when you learn it's an operating system for telecom hardware
|
|
#
?
Sep 8, 2013 01:46
|
|
|
yaoi prophet posted:if you know the other distribution's inverse CDF it's really easy (just pick a random value between 0 and 1 and apply the inverse CDF to it) this isn't particularly fast unless your inverse CDF is really simple (like exponential) Box-Muller/Ziggurat for normal it's super easy to gently caress up generating random numbers even from "simple" distributions like poisson so having it standardized is a win
|
|
#
?
Sep 8, 2013 01:49
|
|
|
the talent deficit posted:erlang makes a lot more sense when you learn it's an operating system for telecom hardware it's as if you make tradeoffs and sacrifices when designing things
|
|
#
?
Sep 8, 2013 01:50
|
|
|
tef posted:jeff atwood branches out in to merchandising http://www.codinghorror.com/blog/2013/08/the-code-keyboard.html it's really lame that you cant post that someone deserves to die anymore. thanks nsa.
|
|
#
?
Sep 8, 2013 02:42
|
|
|
What. The. gently caress. Is yak shaving? Posted from my iPhone.
|
|
#
?
Sep 8, 2013 07:10
|
|
|
posting
|
|
#
?
Sep 8, 2013 07:13
|
|
|
Shinku ABOOKEN posted:What. The. gently caress. Is yak shaving? 90% of programming the other 10% is swearing
|
|
#
?
Sep 8, 2013 08:05
|
|
|
Nomnom Cookie posted:java.security.SecureRandom biyatch top tip: Random.nextInt(n) does a whole bunch of weird stuff that slows it down. use nextInt()%n for better performance in exchange for a minor loss of uniformity that nobody will ever notice
|
|
#
?
Sep 8, 2013 12:04
|
|
|
Soricidus posted:yagni, unless you're like literally a terrorist or a spy. java.util.Random is faster and ideal for all your high-performance legal cryptographic needs. nsa plant spotted
|
|
#
?
Sep 8, 2013 13:29
|
|
|
Nomnom Cookie posted:its cute when c++ guys are like wowee this c++11 stdlib has EVERYTHING! i bet no other language has a stdlib this good It's more like, only C++ puts in that extra little effort. Like containers letting you specify the allocator, or the whole iterators abstraction, or how you have both sort and stable_sort, or how the RNG lets you pick a generator and a distributiom independently, or the fact that you get to choose a distribution at all. Its a double edged blade that all but ensures that "controversial" stuff like bignums will never be standardized (oh yeah, loving bignums are controversial)
|
|
#
?
Sep 8, 2013 14:45
|
|
|
Soricidus posted:yagni, unless you're like literally a terrorist or a spy. java.util.Random is faster and ideal for all your high-performance legal cryptographic needs. i agree but dude was like "what other language has a csprng in the stdlib". except i dont agree with your recommendation to avoid Random#nextInt(int). readability >>> performance
|
|
#
?
Sep 8, 2013 15:06
|
|
|
hackbunny posted:It's more like, only C++ puts in that extra little effort. Like containers letting you specify the allocator, or the whole iterators abstraction, or how you have both sort and stable_sort, or how the RNG lets you pick a generator and a distributiom independently, or the fact that you get to choose a distribution at all. Its a double edged blade that all but ensures that "controversial" stuff like bignums will never be standardized (oh yeah, loving bignums are controversial) you mean the c++ committee doesn't have the balls to pick something and present a simple api edit: actually that was unfair, the c++ committee has balls they just got lazy and #included boost to make the new stdlib Nomnom Cookie fucked around with this message at 15:18 on Sep 8, 2013 |
|
#
?
Sep 8, 2013 15:08
|
|
|
Nomnom Cookie posted:i agree but dude was like "what other language has a csprng in the stdlib". except i dont agree with your recommendation to avoid Random#nextInt(int). readability >>> performance but my micro-optimizations!
|
|
#
?
Sep 8, 2013 15:15
|
|
|
Shinku ABOOKEN posted:What. The. gently caress. Is yak shaving? i need to cut down a tree, but my axe is dull i need to sharpen my axe, but i need to clean up the mess off my grinder i need to put away this hammer, but my tool rack is wobbly *20 steps later* i need to shave my yak it's basically when you lose focus on the original problem because you've got a too-long dependency tree built up a proud c-language and j-language tradition is to spend a shitload of time on making libraries and utilities and frameworks because there's a slight impedance mismatch or difference of opinion about the ones that already exist and because c++ 2030 is shipping a pointlessly reconfigurable prng it's depriving c++ programmers of their favorite activities (yak shaving) and making them do actual work
|
|
#
?
Sep 8, 2013 16:07
|
|
|
in the p-lang world you re-invent your regex parser in differently incorrect ways every project so no one knows which project has which vulnerability.
|
|
#
?
Sep 8, 2013 16:42
|
|
|
Nomnom Cookie posted:you mean the c++ committee doesn't have the balls to pick something and present a simple api I'll explain the bignum controversy, its one of those things that makes zero apparent logical sense unless you've been following C++ development for a while The biggest issue is transparent vs opaque: are bignums big byte arrays, or are they opaque pointers? Boost people want transparent, as you can control allocation and other apparently minor/irrelevant poo poo; however, practical circumstances dictate opaque bignums, because exactly nobody wants to reimplement bignums when theres a lot of mature and super-optimized implementations out there Another bignum controversy is lazy evaluation, where operating on bignums returns an abstract representation of the operation, which you realize at a later time (typically by assigning the result to a bignum), which actually executes the operation. Lazy evaluation is pretty much a necessity if you don't want a ton of temporary little bignums being created for every operation in an expression. But then If you're going to have lazy evaluation, should it come with an optimizer? If you have opaque bignums and the underlying implementation implements lazy evaluation (like GMP does), should you use that? Basically bignums should really be a built-in type, but the standardization committee will never go for that (what about allocators?!?!?! Or you could make bignums a built-in generic type where you can specify the allocator as a template argument... Hmmm...); or they shouldn't have int-like semantics because they'd behave in subtly different ways (with lazy evaluation, const auto x = bignum1 + bignum2 would result in x not being a bignum, and the addition not actually performed; evaluating x twice will result in the operation being performed twice; etc.). You know all the what-ifs that are usually pointless, like "what if one day there will be a compiler built-in that does Thing X?" (See: boost::typeof, designed around the then non-existent decltype) In C++ that poo poo is actually considered relevant, and horribly, it might actually be if enough people start using your code This is the (bull)poo poo that keeps C++ developers up at night, and one of the reasons "C++0x" was released in 2011 Nomnom Cookie posted:edit: actually that was unfair, the c++ committee has balls they just got lazy and #included boost to make the new stdlib Boost, like the STL in the 90s, is the standardization process, or at least 99% of it, the 1% being recompiling C++ into standardese and link-time optimizations to remove the controversial parts hackbunny fucked around with this message at 17:24 on Sep 8, 2013 |
|
#
?
Sep 8, 2013 17:21
|
|
|
|
|
#
?
Sep 8, 2013 19:23
|
|
|
yak shaving dot gif
|
|
#
?
Sep 8, 2013 19:37
|
|
|
was expecting it to turn into a breaking bad gif
|
|
#
?
Sep 8, 2013 20:15
|
|
|
its' time to cook timb
|
|
#
?
Sep 8, 2013 20:17
|
|
|
stop saying the words "yak shaving" it sounds like a gross furry fetish
|
|
#
?
Sep 8, 2013 20:48
|
|
|
Shinku ABOOKEN posted:stop saying the words "yak shaving" You wanna come round some time, help me shave my yak? 
|
|
#
?
Sep 8, 2013 21:08
|
|
|
|
| # ? May 20, 2024 05:26 |
|
|
although we call it yak shaving that's just when we're aware that we're solving the problem that looks interesting instead of solving the problem that matters. and the interesting problem is usually rewriting something from scratch as opposed to using something we don't understand, producing something just as undocumented as the original
|
|
#
?
Sep 8, 2013 23:20
|
|