math.random can't generate a good random number since it uses C rand()

[cqwrteur]

http://video.ch9.ms/ch9/9fb9/5f4cd3b...rmful_high.mp4



You can read lua source code.

[Deleted]

"math.random can't generate a good random number "

would you be so kind and define "good"?

(I hate lazy milenials who can not be arsed to write some text and only link videos...)

[thesmall001]

Yeah, man. Totally right my dude. Fortunately, WoW overrides some of these problems by using round-up a lot in order to favour higher probability on floating point values.

- - - Updated - - -

"math.random can't generate a good random number "

would you be so kind and define "good"?

(I hate lazy milenials who can not be arsed to write some text and only link videos...)

Urgh.

Basically, you think of the probability of getting a number from 1-100, you'd expect it to be 1 in 100 chance of getting a given number. The standard math libraries, for the languages from which most games are built, do not provide good simulations of randomness. They use procedures that cause rounding errors and predictable/replicable results.

LUA derives from C++, therefore, add-ons that use a "random" result (and much of the WoW engine) will suffer from these problems.

[rrp.nikolai]

Oh no, I hate RNG so much that I pulled this concept that I learned in high school and am now going to blame my entire gaming experience on an archaic programming technicality. Oh how wonderful my life is now I have an intangible explanation for lifes suffering.
Might as well just make the second leap and blame all of programming on God, then it's completely out of your control.

FYI. If you roll a dice it's not random because it has 6 determined sides and obeys physical laws. There is no such thing as "random".

[thesmall001]

Oh no, I hate RNG so much that I pulled this concept that I learned in high school and am now going to blame my entire gaming experience on an archaic programming technicality. Oh how wonderful my life is now I have an intangible explanation for lifes suffering.
Might as well just make the second leap and blame all of programming on God, then it's completely out of your control.

FYI. If you roll a dice it's not random because it has 6 determined sides and obeys physical laws. There is no such thing as "random".

All right, mate. Chill out a bit. I don't even think the OP was fussed about game systems as we're currently in the Mods and UI sub-forum. It's a fair and interesting criticism of the practical limitations of LUA as the dominating scripting language used in the game. If you found out that the odds of you rolling 99 or 100 were actually 2 in 37,000 (and not 1 in 50) you'd probably be a bit "Hmm..." too.

Likewise, there's a lot of "archaic programming technicalities" that still bite modern end-users on the ass because legacy code props up houses, so that's a fair point of discussion.

[Resike]

Please tell me what computer generated data is considered proper "random"? The answer is none.

[XDurionX]

If you'd be talking about space travel or brain surgery, you'd have a point, but games really aren't precision dependant.

BUT I CAN'T KILL KJ BECAUSE MY RNG IS BROKEN. Yeah, no.

[Resike]

Yeah, according to this forum it is "too random" or "not random enough". But it always works in the way that the mythic raiders get guranteed shit gear and legendaries, while the LFR scrub casuals always roll titanforged and BiS legendaries

This is a game. The more you play the less you get. I log in once every month and i always get a legendary the day i log in. Guess why? Because it's coded this way. They reward you to keep playing.

[dadev]

The standard math libraries, for the languages from which most games are built, do not provide good simulations of randomness. They use procedures that cause rounding errors and predictable/replicable results.

LUA derives from C++, therefore, add-ons that use a "random" result (and much of the WoW engine) will suffer from these problems.

The standard C++11 math library is quite good at generating random numbers for non cryptographic use. Whoever told you otherwise has no idea what he's on about.
Furthermore, rounding has nothing to do with generating random numbers in virtually any real world implementation, because they generate integers.
Why do you assume WoW engine uses the archaic rand() for randomness? Even if lua does, and the weak auras you write will suffer from it, it says nothing about what the actual engine uses. However, this is 100% irrelevant because random numbers are generated on the server which is not the WoW engine.

[cqwrteur]

C code in lua-5.3.2/src/lmathlib.c

Line26-Line36

Code:

#if !defined(l_rand)		/* { */
#if defined(LUA_USE_POSIX)
#define l_rand()	random()
#define l_srand(x)	srandom(x)
#define L_RANDMAX	2147483647	/* (2^31 - 1), following POSIX */
#else
#define l_rand()	rand()
#define l_srand(x)	srand(x)
#define L_RANDMAX	RAND_MAX
#endif
#endif				/* } */

Line239-Line271

Code:

/*
** This function uses 'double' (instead of 'lua_Number') to ensure that
** all bits from 'l_rand' can be represented, and that 'RANDMAX + 1.0'
** will keep full precision (ensuring that 'r' is always less than 1.0.)
*/
static int math_random (lua_State *L) {
  lua_Integer low, up;
  double r = (double)l_rand() * (1.0 / ((double)L_RANDMAX + 1.0));
  switch (lua_gettop(L)) {  /* check number of arguments */
    case 0: {  /* no arguments */
      lua_pushnumber(L, (lua_Number)r);  /* Number between 0 and 1 */
      return 1;
    }
    case 1: {  /* only upper limit */
      low = 1;
      up = luaL_checkinteger(L, 1);
      break;
    }
    case 2: {  /* lower and upper limits */
      low = luaL_checkinteger(L, 1);
      up = luaL_checkinteger(L, 2);
      break;
    }
    default: return luaL_error(L, "wrong number of arguments");
  }
  /* random integer in the interval [low, up] */
  luaL_argcheck(L, low <= up, 1, "interval is empty"); 
  luaL_argcheck(L, low >= 0 || up <= LUA_MAXINTEGER + low, 1,
                   "interval too large");
  r *= (double)(up - low) + 1.0;
  lua_pushinteger(L, (lua_Integer)r + low);
  return 1;
}

You could see this is wrong:
r *= (double)(up - low) + 1.0;

[Deleted]

This is exactly why my WoW crypto addon only uses the xkcd method:

[Velithris]

Please tell me what computer generated data is considered proper "random"? The answer is none.

Mersenne Twister provides way better results than C's rand(), and it is what is used as a pseudo-random number generator in Python. Cryptographically secure pseudo-random number generators also exist, but they need a decent source of entropy; modern operating systems usually provide such a CSPRNG, you can access it via CryptGenRandom() on Windows, or /dev/(u)random on Linux / OS X / BSD-family.

[Vladinator]

He did say in his opening that there is replacement functionality in C++11 that should be used instead of the old implementation. Chances are Blizzard are using better PRNG techniques than the srand/rand this guy is talking about in this presentation. Not to mention that all the important random logic happens on the servers, and we have no clue of their implementation.

Since this is under the Interface category, I'll assume it's to talk about the lua random function, that is probably, if even used, only used for Interface related animations and such, I doubt it's sensitive enough to even matter as long you do get random enough data from the function. Probably not good enough to be used for cryptography, but for the UI I don't see a problem.

[ComputerNerd]

He did say in his opening that there is replacement functionality in C++11 that should be used instead of the old implementation. Chances are Blizzard are using better PRNG techniques than the srand/rand this guy is talking about in this presentation. Not to mention that all the important random logic happens on the servers, and we have no clue of their implementation.

Since this is under the Interface category, I'll assume it's to talk about the lua random function, that is probably, if even used, only used for Interface related animations and such, I doubt it's sensitive enough to even matter as long you do get random enough data from the function. Probably not good enough to be used for cryptography, but for the UI I don't see a problem.

I think this sums up my thoughts.
What is "good", given where it is used.
Are there usage scenarios in which it is simply inadequate.

[judgementofantonidas]

"math.random can't generate a good random number "

would you be so kind and define "good"?

(I hate lazy milenials who can not be arsed to write some text and only link videos...)

any computer generated random number is never truly random because the programing used to determine the "random" number is based off of a seed number.

[cqwrteur]

any computer generated random number is never truly random because the programing used to determine the "random" number is based off of a seed number.

You are wrong. rdseed instruction.
https://github.com/euloanty/mingw-std-random_device

[Yuyn]

The math.random() function in WoW is not the standard Lua math.random() function; the Lua-standard function is found as fastrandom(), while math.random() is (since 5.4.2) a more-secure PRNG.

You are wrong. rdseed instruction.

rdseed and rdrand are (allegedly -- not open specification) high-quality, cryptographically-secure hardware-based PRNG, but they're still technically pseudorandom. The distinction is an academic one, in general, but judgementofantonidas is technically correct.

Truly random numbers are impossible for a computer to produce -- there's always some sort of input or state that they are derived from which, if you had enough information about, you could accurately predict the next number. In practice, modern PRNGs rely on too much input and have a large enough state that this is impossible.

[cqwrteur]

I think this sums up my thoughts.
What is "good", given where it is used.
Are there usage scenarios in which it is simply inadequate.

Stop talking none sense. Your words prove how terrible you are at programming again.
http://isocpp.github.io/CppCoreGuide...nes#Rper-space

- - - Updated - - -

The math.random() function in WoW is not the standard Lua math.random() function; the Lua-standard function is found as fastrandom(), while math.random() is (since 5.4.2) a more-secure PRNG.

Secure PRNG does not mean it must be good.
https://twitter.com/cqwrteur/status/868023555073515520

Which makes me wondering how bad blizzard's implementation is.

- - - Updated - - -

rdseed and rdrand are (allegedly -- not open specification) high-quality, cryptographically-secure hardware-based PRNG, but they're still technically pseudorandom. The distinction is an academic one, in general, but judgementofantonidas is technically correct.

Wrong. rdrand is PRNG. rdseed is TRNG.
https://software.intel.com/en-us/blo...and-and-rdseed

The numbers returned by RDSEED are referred to as "seed-grade entropy" and are the output of a true random number generator (TRNG), or an ehanced non-deterministic random number generator (ENRNG) in NIST-speak.* RDSEED is intended for use by software vendors who have an existing PRNG, but would like to benefit from the entropy source of Intel Secure Key. With RDSEED you can seed a PRNG of any size.

Truly random numbers are impossible for a computer to produce -- there's always some sort of input or state that they are derived from which, if you had enough information about, you could accurately predict the next number. In practice, modern PRNGs rely on too much input and have a large enough state that this is impossible.

You can generate truly random numbers by uncertainly principle.

https://en.wikipedia.org/wiki/Uncertainty_principle

[Resike]

Now imagine every time someone rolls something in game the whole Blizzard server park takes 42 seconds to generate a "truly" random number. Totally worth it.

[ComputerNerd]

Stop talking none sense. Your words prove how terrible you are at programming again.
http://isocpp.github.io/CppCoreGuide...nes#Rper-space

Refusing to answer my question.
By what standards is it not "good".
Are there actual scenarios in addons where that is not adequate.

What isn't good by some standards does not make something bad for all cases.
That there is a better version isn't being debated.
But whether this implementation is good enough for what it is intended to do.
That is what I am asking.