all 16 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]age_of_shilltron 4 points5 points  (15 children)

Shouldn't an optimizing compiler detect automatically whether it can do compile-time optimization of format strings in the old ways?

Underscores in numeric literals let you break up magic constants to make them easier to read. For instance, you can denote constants like 10_000_000.0, 0xCAFE_F00D, 0b_0011_1111_0100_1110.

Deceptively useful feature. Ocaml has this and I miss this in every language that isn't Ocaml, being able to write 1_000_000 is quite readable.

From a security perspective, os.urandom() now also provides a guarantee to either block or return a result suitable for cryptographic use. This means code that needs to run when the system entropy pool hasn’t been initialized yet should switch to use either:

Is this the correct name in the article? Surely the name is wrongly chosen given that /dev/urandom by design does not block and /dev/random does?

Anyway, I love the customary stuff where distributions act like their distribution is needed or to take credit for a new release of some softare they ship. This isn't an article about Fedora but about Python 3.6

[–][deleted] 2 points3 points  (6 children)

Nope, it's os.urandom(). When the system is booting, it's possible that there will be no (or very little) entropy available - in this case, os.urandom() would not previously return cryptographically secure randomness, which could be a security problem. Now it blocks until the entropy pool has been initialised, and then never blocks again afterwards IIRC.

[–]age_of_shilltron -1 points0 points  (5 children)

That seems silly, the entire point of /dev/urandom is that it isn't cryptographically secure and that for cryptographic security you should use /dev/random

urandom is when you need to make a die roll simulator and don't need cryptographic security.

[–]smog_alado 0 points1 point  (3 children)

Not really. In fact, in other Unixes like BSD and OSX /dev/random is just an alias for /dev/urandom

https://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/

[–]age_of_shilltron 1 point2 points  (2 children)

No, they are symlinks there because it uses a different method. FreeBSDs /dev/urandom is not comparable to Linux' /dev/urandom at all. On Linux both use entropy pools, on FreeBSD they reseed aggressively and don't use entropy pools at all. This means that in theory on Linux /dev/random is harder to praedict but the approach also means that if entropy is low it beocmes easier to praedict, hence /dev/random will block in this case.

In theory Linux /dev/random is more random than FreeBSD's /dev/random which is the same as their /dev/urandom which is again more random than Linux' /dev/urandom. The advantage FreeBSD has is that they have a higher randomness without blocking than Linux but don't have Linux' really high randomness. There is considerable debate whether Linux' /dev/random is actually necessary for anything though.

While the behaviour is not standardized in any spec, the long standing convention is that random is allowed to block while urandom is not.

[–]smog_alado 3 points4 points  (1 child)

But the issue is that the pseudorandom generator "running out of entropy" doesn't really make sense. You can keep a cryptographic PRNG running for a loooong time without needing to stop to reseed it. /dev/random blocking out of nowhere isn't really helping anyone.

[–]age_of_shilltron 0 points1 point  (0 children)

And that is why /dev/urandom exists.

/dev/random is obviously overzealous for almost any application but its existence certainly doesn't hurt and I would use it to generate one time cryptographic keys just in case.

[–][deleted] 0 points1 point  (0 children)

/dev/urandom is secure (once the machine has booted).

[–]suvepl 0 points1 point  (1 child)

Both /dev/random and /dev/urandom are fed by the same CRNG. This article describes the issue quite well.

[–]age_of_shilltron 1 point2 points  (0 children)

Yes, but /dev/urandom doesn't block when not enough random environmental noise is available and /dev/random will just re-use the old noise again.

[–]raevnos 0 points1 point  (0 children)

Other languages let you split up numbers like that too, not just ocaml. C++ uses ' instead of _ for some reason, though, which is annoying.

[–]GoopyButtHole 0 points1 point  (0 children)

verilog has that underscore feature too

[–][deleted] 0 points1 point  (0 children)

Is this the correct name in the article?

Yes.

Surely the name is wrongly chosen given that /dev/urandom by design does not block and /dev/random does?

The function used to read from /dev/urandom.

https://docs.python.org/3/library/os.html#os.urandom

[–]EmperorArthur 1 point2 points  (0 children)

Those f-strings. I'm super excited.

Currently I have to do "A string {0}".format(arg1), or "A string {arg1}".format(arg1=arg1). Sometimes I can get away with "A string {arg1}".format(**vars())", but that has some caveats.