I was genuinely interested in the topic and clicked on the link. I was met with an interface that was alien to me, as if someone went out of their way to make it unusable and semi-broken. Browsers have an established UI with a scroll bar, yet people constantly find new ways to break it.
Using a scroll bar to fix the decision to not use the scroll bar as the main navigation tool. (And the page is torn unless the window has the correct width.)
I'm not really qualified to speak as to its statistical properties, but I've used this generator a couple times.
The biggest downside I ran into is that it requires 64 bit numbers even for the 32 bit RNG, which means its very simple code becomes more complex on a platform with only 32 bit numbers, or in a scripting language. Also, it's not a CSPRNG, if this matters to you.
This is minor though, and I would use it again. Its flexibility for seeding and easy serialization outweigh this IMO (and it's still simple compared to e.g. mtrand).
I must have done something wrong, but I tried the basic C implementation (https://github.com/imneme/pcg-c-basic) on a quick Diehard-like test and it failed. I'm still trying to understand why. Probably not its fault, just that the code is not as forgiving and ready-to-consume as I had expected.
It passed for me. Where did you get the diehard test? If you compiled it directly from http://www.stat.fsu.edu/pub/diehard/ then it is because that source is broken.
I actually tried a modified OCaml implementation of a very simple test. The issue is probably due to bad seeding/initialization: if I use the given static seed, it passes, but if I try to provide any other seed, it fails on at least one test.
I'll try to find a more complete/better tested port, or try to do it myself.
Speaker mentions[0] that it is possible to get a different statistically random value every time you run the program, without any input to the program, apparently by using some tricks, but she refuses to elaborate for the camera. Can anyone explain how that works?
Has this something to do with address space randomization?
> (This last one relies on the operating system placing myRNG at a different address every time the program is run. It's not as strong as the other techniques.)
Linux gives each process a 32 bit random seed, which is probably more useful (as is making a syscall). On an embedded system the address seed may well be useless anyway.
The intersection of people who are willing to rewrite all their arithmetic to use such a library with people who are not willing to switch to a non-C language is rather small.
Most projects still written in C are those that make extensive use of C libraries. Making the application code immune doesn't actually reduce the vulnerability surface much - much of the vulnerability comes in the libraries the application calls.
My point, though, is that if a random Italian consultancy can amass multiple Flash 0-days, the folks at the NSA with the $10+ billion budget probably have an essentially endless supply of them (not to mention exploits for other software) at the ready.
https://news.ycombinator.com/news?p=33
Don't tell me this was caused by user flags, because it clearly wasn't.
Edit: It is completely gone now.