Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94137
Return-Path: <fsb@thefsb.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 75880 invoked from network); 19 Jun 2016 21:18:42 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 19 Jun 2016 21:18:42 -0000
Authentication-Results: pb1.pair.com smtp.mail=fsb@thefsb.org; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=fsb@thefsb.org; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain thefsb.org designates 173.203.187.107 as permitted sender)
X-PHP-List-Original-Sender: fsb@thefsb.org
X-Host-Fingerprint: 173.203.187.107 smtp107.iad3a.emailsrvr.com Linux 2.6
Received: from [173.203.187.107] ([173.203.187.107:53709] helo=smtp107.iad3a.emailsrvr.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 99/A4-18862-03C07675 for <internals@lists.php.net>; Sun, 19 Jun 2016 17:18:41 -0400
Received: from smtp14.relay.iad3a.emailsrvr.com (localhost.localdomain [127.0.0.1])
	by smtp14.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 7FDC72807AB;
	Sun, 19 Jun 2016 17:18:38 -0400 (EDT)
X-Auth-ID: fsb@thefsb.org
Received: by smtp14.relay.iad3a.emailsrvr.com (Authenticated sender: fsb-AT-thefsb.org) with ESMTPSA id 5A98E280792;
	Sun, 19 Jun 2016 17:18:36 -0400 (EDT)
X-Sender-Id: fsb@thefsb.org
Received: from [10.0.1.2] (c-66-30-62-12.hsd1.ma.comcast.net [66.30.62.12])
	(using TLSv1 with cipher DES-CBC3-SHA)
	by 0.0.0.0:465 (trex/5.5.4);
	Sun, 19 Jun 2016 17:18:38 -0400
User-Agent: Microsoft-MacOutlook/14.6.4.160422
Date: Sun, 19 Jun 2016 17:18:34 -0400
To: php-internals <internals@lists.php.net>,
	Fleshgrinder <php@fleshgrinder.com>
CC: Christoph Becker <cmbecker69@gmx.de>,
	Niklas Keller <me@kelunik.com>,
	Pierre Joye <pierre.php@gmail.com>
Message-ID: <D38C4E78.6F6DA%fsb@thefsb.org>
Thread-Topic: [PHP-DEV] [RFC] RNG fixes
References: <CAPwsocFZQdU2bt0OETeJMQYBXVUkK8ygB5jTb4ML3df4GZWdVA@mail.gmail.com>
 <CAEZPtU4=o-Do36zGO+roF91S7awyY1dPPyqT-1y_BU6wGQjrSw@mail.gmail.com>
 <CAEZPtU4QPW1jd5OfFU_c_rhtX1SeiDJyYfaABD-6_UgaJkT16g@mail.gmail.com>
 <CAEZPtU5+UyPKgbVrs6892Gz3DXfL6XP5WFoH30gxAo-6vpBsFA@mail.gmail.com>
 <CAEZPtU5GYG9h7r71UvYbHkQFD7maeGhK5NmJKkgd9vaqm=39wA@mail.gmail.com>
 <1726fd34-8c3c-0af8-ab97-630cbbf13772@fleshgrinder.com>
 <edbcdcaa-8a57-d598-2bf2-234dff7c9799@gmx.de>
 <49fb7830-b186-523a-696c-39e251738bdb@fleshgrinder.com>
 <CAEZPtU7+Nm0QmdoJSiwAB9wpfvrGXvLeinY9BX6fh++E0DO0OA@mail.gmail.com>
 <CAEZPtU59juPuxSJsFmUNesxKxZnExRXSeBoKFgyrtjS8L_0YZw@mail.gmail.com>
 <CAEZPtU6=4KOEVg_jYN8tvV_CYtAZO3iS9JEYtytEzoTtqaBpMw@mail.gmail.com>
 <CAEZPtU6t2ZxEr_h5DHY2jvMWP8JU3S1RKhHu=KojvkRdObdsOg@mail.gmail.com>
 <CAEZPtU6PR5NtjjawqvrJdWLr2aHCpiJKG_2WmicSa3XifbOiTA@mail.gmail.com>
 <CAEZPtU6fqJQeQoi3gThm+Z6c5=18k1TX-5FZEnB+aphv+N1GrA@mail.gmail.com>
 <CAEZPtU5WrgkLGn1v5N3bKMhMuS1MaMVUUwL2fwCDXhP8HW4rRg@mail.gmail.com>
 <c91e4dfd-a6d2-51c2-2e84-2012dcccbe97@fleshgrinder.com>
In-Reply-To: <c91e4dfd-a6d2-51c2-2e84-2012dcccbe97@fleshgrinder.com>
Mime-version: 1.0
Content-type: text/plain;
	charset="UTF-8"
Content-transfer-encoding: 7bit
Subject: Re: [PHP-DEV] [RFC] RNG fixes
From: fsb@thefsb.org (Tom Worster)

On 6/19/16, 12:59 PM, "Fleshgrinder" <php@fleshgrinder.com> wrote:

>This matches Tom Worster's analysis of mt: it's just crap. :P

Actually I satisfied myself that both MT19937 and PHP's mt_rand() produce
good quality random variates and I posted the evidence behind the belief.
I don't think being slow and inefficient with memory justifies removal or
deprecation (premature optimization).

I think the decision to change this RNG or not is best left to the users.
Only they understand the pros and cons of their specific context.
Furthermore, I would prefer that if they decide nothing, perhaps even
being unaware of the question, they can upgrade PHP and their programs
still work.

This is my opinion.


>I am sorry if it seems to you as if I am ignoring you, Quite the
>opposite is the case. It is just unbelievable to me that we are trying
>to keep these functions if there are so many better alternatives that we
>can provide to our users. There is nothing bad about a deprecation
>together with a much better alternative. I cannot imagine that anyone
>has a problem with that.

It is quite common that different people can have full and correct
appreciation of the technical aspects of something and have different
judgements regarding the best action. So I am surprised you cannot imagine
that someone who disagrees with your conclusions could understand the
facts of the matter.

In the language of politics and policy, since that's what this really
is... You advocate a top-down structural approach to changing individual
behavior for their own and the greater good. I advocate for new
facilities, education, and the individual's responsibility to decide
what's best for them. Subjective differences like this shouldn't be
unbelievable, they should be expected.


>* Let me know if I missed any other argument that clearly explains why
>mt_rand() cannot be deprecated and removed. Oh, yes, I am ignoring the
>legitimate usage from a private software that is unsharable because this
>argument cannot be verified.

As a general matter of taste, I don't like to be drawn by the "prove me
wrong" rhetorical method. And in this specific position of this
php-internals thread I don't see any chance of changing minds by arguing
over what constitutes a legitimate use of a random in a PHP program. So,
on both counts, I prefer not to.

You have clearly stated your positions and explained your reasons. Please
grant that other people with different positions and reasons may not feel
any need or desire to prove you wrong and please don't represent this as
evidence in support of your assertions.

Tom