On Mon, Mar 31, 2014, at 03:14 PM, Theo de Raadt wrote: > > > I wondered about just doing $((RANDOM+RANDOM)) but don't know the > > > pros and cons of that approach - it's not exactly arc4random_uniform.. > > > > I wanted to stay in the spirit of portability. RANDOM is a ksh > > extension and difficult to check for reliably. > > Well... > > openssl is an extension. It is not standardized. > /dev/*random is an extension. It is not standardized. > > Any way of getting random data is an extension. > > Of course it isn't a conspiracy. After all, random is hard. > And you wouldn't want to do it wrong, so it is better to not > do it at all! It depends a lot on what you're using the numbers for.
Also, a lot of standards began their life as a Screwball Proprietary Way To Do Something. Netscape's frame extension is a good example of this; during the very early days of the web, Netscape submitted it to the W3C, was pretty much flatly rejected, and released their browser with the frame "enhancement" anyway. For better or worse, W3C finally standardized this abomination in HTML 4. (By "good example" I mean the example is good, not the frameset tags themselves or how either Netscape or W3C handled the situation.) -- Shawn K. Quinn skqu...@rushpost.com
