This Week in Programming: Less Than Random

19 Oct 2019 7:00am, by

This week, an article over on I-Programmer tells us that time has come for Mersenne Twister to be considered harmful, citing the publication of a scholarly paper on the topic by Sebastiano Vigna.

Here’s the gist of the situation: essentially, the Mersenne Twister is a very widespread pseudorandom number generator (PRNG) that is “the default generator in C compilers, the Python language, the Maple mathematical computation system, and in many other environments,” and Vigna is arguing (in the paper’s title, even) that “it is high time we let go of the Mersenne Twister.”

This isn’t the first time that the Mersenne Twister has come under fire (it’s implementation in PHP actually had a typo for some years), but Vigna writes that “knowledge accumulated in the last 20 years suggests that the Mersenne Twister has, in fact, severe defects, and should never be used as a general-purpose pseudorandom number generator. Many of these results are folklore or are scattered through very specialized literature. This paper surveys these results for the non-specialist, providing new, simple, understandable examples, and it is intended as a guide for the final user, or for language implementors, so that they can take an informed decision about whether to use the Mersenne Twister or not.”

So, why are we still using this particular PRNG if it’s plagued by such problems? Vigna offers that “the problems of the Mersenne Twister are not immediately detectable in everyday applications, and most users really interested in the quality of their PRNG will make an informed choice, rather than relying on the stock PRNG of whichever programming environment they are using.”

The Mersenne Twister is a particular type of PRNG called an F2-linear generator and I-Programmer writes that its defects are easily avoided “if you take the bits generated as uniformly distributed in the interval 0 to 1 and then apply a non-linear transformation to a different distribution then the defects go away,” and hence remains popular and in-use.

Vigna, similarly, concludes that, “in particular, linear generators should never be used as general-purpose generators, unless their output is suitably scrambled by combining it with other, nonlinear generators, or by applying nonlinear maps. The current, dangerous ubiquity of the Mersenne Twister as basic PRNG in many environments is a historical artifact that we, as a community, should take care of.”

This Week in Programming

  • Adios, Perl 6, Hello Raku! That’s right, the long battle has finally ended, with Perl creator Larry Wall finally agreeing to approve renaming Perl 6 to raku, officially separating the language from its predecessor and, hopefully, allowing both to move on in peace and harmony. Time and again, for some years now, we’ve looked at the debate over Perl 5 and Perl 6 and the vast chasm that exists between the two languages — to the point that they are unrelated, many argue — and finally we can move on. In a comment, Wall said he was “in favor of this change, because it reflects an ancient wisdom.” Citing a Biblical quote that essentially boils down to the fact that it’s time to start over and move ahead, the decision was made to rename Perl 6 to Raku, which Perl blogger Ovid writes “will hopefully put to rest many of the deeply divisive arguments people in the Perl community have had over the rename. Though support for a rename was overwhelming, there was a loud minority who objected. But through it all, one thing remained clear: everyone meant well.”
  • Diving Into Errors in Go 1.13: If the error wrapping feature introduced with Go 1.13 was at all confusing to you, the Go team has penned a blog post that goes into all the details on working with errors in Go 1.13 to go into all the details. Basically, they write, “the pattern of one error containing another is so pervasive in Go code that, after extensive discussion, Go 1.13 added explicit support for it” in the form of “three new functions in the errors package, and a new formatting verb for fmt.Errorf.”
  • Python Moves on to 3.8.0: The Python community said that Python 3.8.0 is now available, the newest feature release that “contains many new features and optimizations.” To get the full dish, make sure to check out the full article that lays out what’s new in Python 3.8, but here are a few tidbits. The main feature of note, it seems, is the “walrus operator” or “:=”, which assigns values to variables as part of a larger expression and saves some code space. One Reddit user writes that “a very vocal portion of the Python community ran Guido out over assignment expressions” — or, this walrus operator. Another says they expect the walrus operator to be “occasionally useful” at best. Beyond that, there are several other features in Python 3.8 and Packt does a splendid job of examining both the features and the reactions.
  • Inside Rust & Rustup 1.2: The Rust team launched the Inside Rust blog a few weeks back, and the blog has kicked off with a series of team meetings and some deep-dive blog posts, such as the Infrastructure Team Meeting, Compiler Team Triage Meeting, and Lang Team Triage Meeting, and a blog post looking at improving async-await’s “Future is not Send” diagnostic. So, if you’re looking to really dive down into the internals of Rust development, this looks like a good read. Beyond blogging, the Rustup working group has been busy and announced Rustup 1.20.0 this week. Rustup is a Rust installer and the latest version features profiles support, which offers the ability to get the latest available nightly with all the components you need, as well as improvements to the rustup doc command. Basically, profiles support will speed up installation by introducing profiles, which are groups of components. Currently, the profiles are minimal, default, and complete, and are about what you might expect — minimal has just what you need, default includes all the previous components installed by default, and complete is includes all the components available through rustup, including miri and IDE integration tools (rls and rust-analysis).
  • AWS Backs Rust in “Promotional Credits”? In a bit more Rust news, AWS has begun sponsoring the Rust Project. Why, you might ask? They cite Rust’s values, which include performance, reliability, and productivity. Also, all the other cool kids like Google, Microsoft, and Mozilla are using Rust, and Lambda, EC2, and S3 all choose “to use Rust in performance-sensitive components.” And don’t forget, they say, they’ve “even open sourced the Firecracker microVM project!” What does this sponsorship mean? Before you get too excited, The Register writes that it basically provides “promotional credits” as part of a general open source sponsorship program by Amazon.
  • Firefox & Microsoft Release New Debugging Tools for WebDevs: Two releases this week for web developers. First, Firefox announced a new WebSocket inspector, which will be released in Firefox 71. For the itchy-fingered, it’s also ready to use in the Firefox Developer Edition now. The tool is a product of Heng Yeow Tan, a Google Summer of Code (GSoC) student, and it integrates some libraries to aid with “connection failures, proxies, authentication and authorization, scalability, and much more.” Upcoming releases are said to promise a binary payload viewer, and the ability to indicate closed connections and export WebSocket frames. Meanwhile, Microsoft also unveiled the ability to debug JavaScript in Microsoft Edge from Visual Studio. They note that the next version of Microsoft Edge will adopt the Chromium open source project, and that starting with Visual Studio 2019 version 16.2, they have extended Java debugging support to the preview builds of Microsoft Edge. For the full, lengthy details on how this works, with example, click through to the post.

Feature image by Gordon Johnson from Pixabay.

A newsletter digest of the week’s most important stories & analyses.