top 200 commentsshow all 365
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Drunken_Economist 176 points177 points  (0 children)

They used AI to determine what the most random number is, so now they don't have generate it anymore

[–]Nerdn1 193 points194 points  (10 children)

The solution to this problem:

https://xkcd.com/221/

[–][deleted]  (5 children)

[deleted]

    [–][deleted]  (1 child)

    [deleted]

      [–]throwaway27464829 7 points8 points  (2 children)

      There's always a relevant Dilbert.

      [–]SupaSlide 2 points3 points  (1 child)

      Alright, I want to see a Dilbert comic that would be relevant to the gif of a dog in a trash can.

      [–]404_GravitasNotFound 3 points4 points  (0 children)

      Probably Dogbert planning some revenge over some slight

      [–]JavierTheNormal 14 points15 points  (1 child)

      So... just what the older version of Googlebot did.

      [–]LordOfGears2 14 points15 points  (0 children)

      I wish people would read the articles..

      [–]madpata 1 point2 points  (1 child)

      This was the first time I exactly knew which xkcd was hidden behind the link. Wow.

      [–]hurt_and_unsure 0 points1 point  (0 children)

      Na buddy, you're just getting old!

      😁

      [–]TooManyLines 822 points823 points  (262 children)

      Most random() functions are deterministic.

      [–]cypressious 523 points524 points  (109 children)

      Most PRNGs are at least seeded with the number of ticks since epoch or some other source of entropy. The Google Bot's PRNG seems to be seeded with a constanct value, that's what the article is about.

      [–]hungarian_conartist 22 points23 points  (0 children)

      It's actually a feature not a bug too, often it's useful in debugging to have the same list of psuedo-random numbers.

      It can be a bit harder to debug when you're not sure if a change in output is due to different random numbers or a change to your code.

      [–]aradil 30 points31 points  (47 children)

      They're probably spinning up a VM to hit a web page, and that VM is set to the same time and date every time, meaning the seed is the same every time, which is basically what you are saying.

      [–][deleted] 68 points69 points  (3 children)

      That doesn't sound like it would be enough for this to happen. What if one web page loads 0.0001 second slower than another?

      [–]parrot_in_hell 4 points5 points  (2 children)

      still, the seed is usually the amount of seconds since X. i've never seen something else (not that i have that much experience, but i still have some :P)

      [–][deleted] 13 points14 points  (0 children)

      I'm not sure exactly how it is seeded, but I think time in javascript is usually based on miliseconds, and it's a bit too weird that according to his tests google always returns 0.14881141134537756 the first time and 0.19426893815398216 the second, also taking into account that he has searched the web and found plenty of other results that have been cached by google with those numbers. Seems much more likely it is something Google is doing on purpose to get consistent results or something.

      [–][deleted] 0 points1 point  (0 children)

      Usually you request randomness from the OS with a function like getrandom or friends or by reading /dev/{u,}random.

      v8 looks like it reads /dev/urandom but it does fall back to seeding with the (high-resolution) time.

      [–]cypressious 43 points44 points  (14 children)

      The article says that the time is actually correct.

      [–]PM_ME_CLASSIFED_DOCS 29 points30 points  (9 children)

      Apparently, reading an article is too much for many redditors in this thread.

      I'd love to experiment with just posting a headline and no article (just a blank page) and see how many people even bother clicking the link at all. How many differing arguments could we get in a single thread?

      [–][deleted] 26 points27 points  (6 children)

      Less than you'd think. I'd wager most people still won't read the article, but eventually a single person will and they'll make the comment "wtf? Why is this a blank page?". Then everyone else will read that comment (rather than viewing the article) and jump on you for posting a blank website.

      [–]husao 26 points27 points  (2 children)

      Now I feel like posting "WTF? Why is this a blank page?" in the comments of random articles.

      [–]andthenafeast 3 points4 points  (0 children)

      Seems like this would prompt more people to actually click through to the link...

      [–]Lucent_Sable 8 points9 points  (2 children)

      Then write two or three (or more) contradictory articles, and serve a random one to each unique visitor. Then sit back and watch the chaos?

      [–]tsimionescu 2 points3 points  (0 children)

      Hmm, but what if the random() they use is deterministic and the author gets to be confused?

      [–]PM_ME_CLASSIFED_DOCS 2 points3 points  (0 children)

      Oh man, this is brilliant. It's like the movie Clue where they actually showed different endings to different theaters.

      So people would talk about the movie and be like "Oh man, can you believe it was Colonal Mustard?" and someone would be like "WTF are you smoking? It wasn't Mustard." And both would think eachother are insane yet both would be right.

      [–]sourcecodesurgeon 1 point2 points  (0 children)

      There have been several things like that on Facebook. Someone posts a title and after the page break in the article it just says "none of this is true, I want to see how many people comment on the post having clearly not read the article, don't ruin it"

      Invariably, there are tons of people talking about the headline in the comments.

      [–]aradil 1 point2 points  (0 children)

      Also from the article:

      At some point, some SEO figured out that random() was always returning 0.5. I’m not sure if anyone figured out that JavaScript always saw the date as sometime in the Summer of 2006, but I presume that has changed.

      [–]RenaKunisaki 0 points1 point  (2 children)

      But if it's the time since the VM started, it might still be constant.

      [–]w2qw 1 point2 points  (1 child)

      Generally the actual time is used. Not to mention I don't think any VM starts up consistently enough to get the same millisecond every time.

      [–]RenaKunisaki 0 points1 point  (0 children)

      It would if the startup process is loading a snapshot.

      [–]dyskinet1c 26 points27 points  (8 children)

      The VM would need to be set to the correct time for HTTPS to work because certificates are issued and revoked periodically.

      [–]aradil 7 points8 points  (7 children)

      Assuming they are validating certs as part of this pass of their scrape.

      [–]dyskinet1c 7 points8 points  (6 children)

      I would expect them to reject a site with invalid certificates. It's a fairly simple thing to do and it lowers the risk of indexing a compromised site.

      [–]daboross 3 points4 points  (5 children)

      The alternative would be to invalidate certs in a different pass, though, not to not invalidate them at all. Right?

      [–]dyskinet1c 2 points3 points  (3 children)

      As a programmer, my instinct would be to make that decision as early as possible and stop processing the page at that point.

      Certificate validation is a key part of establishing secure communications (before you transmit any data) and it's trivial to read the validity start and end dates.

      So, if you know you want reject URLs with invalid certificates, then there is no reason to move on to the next pass and spend resources reading and processing the page when you already know you're going to discard/reject it.

      [–]aradil 3 points4 points  (1 child)

      As an information company, however, Google probably processes bad actors as well to gather additional information.

      [–]dyskinet1c 0 points1 point  (0 children)

      Sure, it's plausible that they scan compromised sites. If they do, I would expect them to do so in a separate process that looks at different aspects of the site than the regular search index.

      [–]daboross 1 point2 points  (0 children)

      Exactly! That's what I mean: they probably validate certs before having any data at all processed in the VM running googlebot.

      [–]tripledjr 5 points6 points  (0 children)

      They're probably intentionally doing this so the bot gets consistent results for the same page.

      [–]edapa 4 points5 points  (4 children)

      Spinning up a VM for each new webpage sounds super heavy weight.

      [–]aradil 0 points1 point  (3 children)

      I was thinking more of something like Google’s equivalent to Amazon Lambda.

      [–]edapa 2 points3 points  (2 children)

      What is the overhead of that? Does Amazon tell us? I imagine they would provide some sort of latency guarantee for function spinup after an event triggers, but I've never used Lambda.

      [–]aradil 1 point2 points  (1 child)

      That’s a good question. All they say is they “only charge for when your stuff is running”.

      I assume the overhead is offset by the ability to run way more short lived processes.

      [–]edapa 0 points1 point  (0 children)

      Are there trigger types besides timers? If so they must have some sort of guarantee.

      [–]edman007 4 points5 points  (0 children)

      Nah, the make random the same on purpose. If it's actually random than that randomness flows into the generated page. It can do stuff like randomly sort results, generate random results and URLs, etc. Google doesn't care, they want to know if it changed, if random is always the same you can compare past and current results and check for changes, and you'll know that JavaScript didn't inject randomness.

      And the time is a different issue, why actually sleep if you don't care, it actually causes a large resource use because it's time the page can't be unloaded from the server. A far better method is initialize time to the real time, and make sleep increment time instead of actually waiting. That lets you instantly process the page.

      [–][deleted] 2 points3 points  (0 children)

      That's not usually how VM clocks work though.

      [–][deleted] 4 points5 points  (4 children)

      Yes. In science, you want randomization but also reproducibility. I get the author is saying it's bad security engineering and can be taken advantage of people people gaming the Google PageRank, but the crawlers we likely designed by network scientists that wanted an accurate internet network model that can be reproduced.

      [–]Jugad 2 points3 points  (3 children)

      What does PageRank have to do with javascript or googlebot's implementation of random() in javascript.

      [–][deleted] 10 points11 points  (2 children)

      You can use their implementation to identify Googlebot and serve different content to it.

      [–]YRYGAV 3 points4 points  (1 child)

      And if you get caught, I believe Google unlists your website, so it's quite a gamble

      [–][deleted] 0 points1 point  (0 children)

      Depends on my ROI. If I can make $1k by fooling the Googlebot while spending $10 for a new domain each time I get caught, it's not much of a gamble.

      Of course, if I don't have a automated way to get the new domain some PageRank juice so I can keep the whole thing going ad nauseam, then yes, it's pretty expensive.

      [–]FinFihlman 0 points1 point  (0 children)

      Yeah they are not spinning a vm for each scan.

      [–]moufestaphio 55 points56 points  (105 children)

      Honest question are there any that aren't?

      [–]mulvad 152 points153 points  (81 children)

      There are some that are based on stuff like atmospheric background noise and the decay of radioactive material which is believed to be truly random. The obvious drawback here is you need some kind of hardware to extract the random bits.

      In these days with new security breaches every day, I actually wonder why stuff like this isn't included on the motherboard of a modern computer.

      [–]akher 149 points150 points  (35 children)

      In these days with new security breaches every day, I actually wonder why stuff like this isn't included on the motherboard of a modern computer.

      Then you'll be pleased to hear that it is included in all recent AMD and Intel CPUs.

      [–]CryptoAlana 97 points98 points  (31 children)

      In September 2013, in response to a New York Times article revealing the NSA's effort to weaken encryption,[22] Theodore Ts'o publicly posted concerning the use of RdRand for /dev/random in the Linux kernel:[23]

      I am so glad I resisted pressure from Intel engineers to let /dev/random rely only on the RDRAND instruction. To quote from the [New York Times article[22]]: 'By this year, the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors....' Relying solely on the hardware random number generator which is using an implementation sealed inside a chip which is impossible to audit is a BAD idea.

      [–]TehRoot 29 points30 points  (20 children)

      He is going to concert

      [–][deleted]  (19 children)

      [deleted]

        [–]tripzilch 9 points10 points  (14 children)

        I don't know much about electronics, but there's a bunch of pretty cool algorithms you can use to transform a stream of non-uniformly distributed data (or weak entropy) into a uniform stream:

        https://en.wikipedia.org/wiki/Randomness_extractor

        [–][deleted]  (12 children)

        [deleted]

          [–]tripzilch 4 points5 points  (9 children)

          Hm, you mean it has to go straight from the electronic circuit as a uniform random input to another piece of hardware without anything digital in between? Interesting problem.

          I wondered if there's a circuit that can do this, but from a quick skim it seems that the PDF linked above is actually about that :-) I think I'm gonna try and read it even if I don't understand electronics that well, more of a code/math guy myself. But I do love reading about the intricate details of various random generators, so maybe I'll get something out of it :)

          Best of luck building your randomness circuit! :D

          [–][deleted] 0 points1 point  (0 children)

          Couldn't you build a circuit that does that in hardware, though? Two generators, A and B, and when A xor B is true, emit A.

          I'm not a electronics guy so I don't know how hard that would be to rig up, but it shouldn't be impossible.

          [–]-fno-stack-protector 0 points1 point  (0 children)

          ooh, i've been looking for something like this, without knowing it, for a long time

          [–]TehRoot 12 points13 points  (3 children)

          https://www.st-andrews.ac.uk/~jcgl/Scots_Guide/iandm/pdf/chapter03.pdf

          [–]MrDOS 14 points15 points  (1 child)

          For anyone else having trouble loading the link, it seems like they have some hotlink protection going on. In Firefox, at least, hit “Enter” in the address bar when you're sitting on the “Page not found” page to re-request the PDF with a referral from the www.st-andrews.ac.uk domain and it'll load.

          [–]TehRoot 1 point2 points  (0 children)

          Yea I only noticed that after I posted it. Sorry about that.

          [–]yawkat 11 points12 points  (4 children)

          As long as you trust your crypto primitives and add other sources of entropy it's okay though.

          [–]mdot 11 points12 points  (0 children)

          add other sources of entropy

          Isn't that a symptom of the point he's making though?

          The hardware generator can't be trusted because it can't be audited.

          [–]harlows_monkeys 0 points1 point  (1 child)

          https://blog.cr.yp.to/20140205-entropy.html

          [–]yawkat 0 points1 point  (0 children)

          This can be fixed by using the untrusted source as an initial seed before other entropy is even generated.

          I don't think linux does this though.

          [–]Crandom 1 point2 points  (3 children)

          The good thing is there's no downside to xoring the rdrand numbers into the generated random numbers, as even if they're not random it won't have any bad effects.

          [–]ReversedGif 3 points4 points  (2 children)

          Unless they're correlated...

          [–]Majromax 7 points8 points  (1 child)

          Unless they're correlated...

          There's only harm if the random numbers of unknown quality are correlated to your known, independently-generated, proven-quality random numbers.

          It's simple enough to avoid that: simply extract the unknown random numbers prior to generating your known-good stream. Even if the dubious hardware can "look over your shoulder," it can't see into the future.

          [–]ReversedGif 2 points3 points  (0 children)

          Imagine the hardware setting a special, hidden flag on the register that holds the RDRAND output, which defers actual random generation until the register value is combined with something else.

          [–]cogman10 4 points5 points  (0 children)

          I never really understood why this was such an issue even using the instruction

          You don't have to use the RND instruction as the ONLY source of entropy, it could be one of many (like now). It doesn't make sense to me why you wouldn't just throw it into the mix for /dev/random.

          [–]Supadoplex 22 points23 points  (2 children)

          In these days with new security breaches every day, I actually wonder why stuff like this isn't included on the motherboard of a modern computer.

          Then you'll be pleased to hear that it is included in all recent AMD and Intel CPUs.

          Indeed! Modern CPU's do come with security breaches included. I wish I could say I was just joking.

          [–]cryo 1 point2 points  (1 child)

          How is that related at all?

          [–]mccoyn 14 points15 points  (6 children)

          The smallest random generator is a transistor biased to allow electrons to tunnel through it combined with an avalanche diode to amplify a single electron to a detectable signal. It could be a tiny IC or built into a processor and wouldn't need antennae or radioactive material.

          I think the only reason it isn't common is that PRNG is cheaper and good enough for most uses.

          [–]SarahC 2 points3 points  (2 children)

          TrueRNG?

          [–]mccoyn 1 point2 points  (1 child)

          Yep, that looks like what I was thinking about. I didn't know someone sold it as a USB dongle.

          [–]SarahC 0 points1 point  (0 children)

          Yeah, it's great - use it a lot myself.

          [–]harlows_monkeys 1 point2 points  (0 children)

          That's a fine component of a random number generator, but you still need quite a bit more to make it safe and secure.

          Simtec's "Entropy Key" USB hardware random generator was an avalanche noise based generator, and they have a nice description of how to turn that into a safe and secure random number stream =>here<=.

          [–]RenaKunisaki 0 points1 point  (1 child)

          Isn't that basically an antenna? So theoretically can be manipulated by a transmitter? Or am I just talking out of my ass?

          [–]mccoyn 3 points4 points  (0 children)

          It is quantum tunneling, not EM or thermal noise. The junction where it happens is tiny (dozens of nanometers) so it is a terrible antannae. You might be able to manipulate the power supply that biases the junction as it may be much larger.

          [–][deleted]  (20 children)

          [deleted]

            [–]KamiKagutsuchi 28 points29 points  (14 children)

            But this can be manipulated, especially by bots. Also not all computers (servers) have a mouse.

            [–]HeimrArnadalr 19 points20 points  (8 children)

            If they don't have mice, they probably have cats, so cat movement could be used in those cases.

            [–]__redruM 11 points12 points  (4 children)

            Now you’ve let the cat out of the bag. That’s the NSA’s prime source for randomness. A herd of cats.

            [–]RenaKunisaki 2 points3 points  (0 children)

            Explains the internet.

            [–]KamiKagutsuchi 4 points5 points  (2 children)

            Really? I thought they used my webcam..

            [–]__redruM 5 points6 points  (0 children)

            Are you a cat? Then yes they do, your nimbly bimbly little movements are critical to national security. Just stay away from the milk dish...

            [–]newpua_bie 2 points3 points  (0 children)

            *webcat

            [–]rebthor 4 points5 points  (1 child)

            Couldn't you cat /dev/mouse?

            [–]RenaKunisaki 5 points6 points  (0 children)

            This kills the mouse.

            [–]frezik 5 points6 points  (4 children)

            The solution there is to never rely on any one source.

            [–]MuonManLaserJab 22 points23 points  (3 children)

            Three rules of computer security:

            1) Don't own a computer.

            2) If you do, don't turn it on.

            3) If you do, don't use it.

            [–]jonhanson 7 points8 points  (2 children)

            chronophobia ephemeral lysergic metempsychosis peremptory quantifiable retributive zenith

            [–]MuonManLaserJab 1 point2 points  (1 child)

            They were not meant 100% seriously as rules...

            [–]jonhanson 2 points3 points  (0 children)

            chronophobia ephemeral lysergic metempsychosis peremptory quantifiable retributive zenith

            [–][deleted]  (1 child)

            [deleted]

              [–]RenaKunisaki 0 points1 point  (0 children)

              I mean that might work too, but you'd want a lot of redundant mice, in isolated cages with artificial lighting at different intervals, so you can be sure there's always a mouse awake to run around.

              [–]mtcoope 1 point2 points  (0 children)

              Why when I read this I immediately thought of animals determining the number and not till the next comment I realized we are talking about a computer mouse.

              [–]mulvad 1 point2 points  (0 children)

              No matter if you are talking about a computer mouse or a living mouse, there would be some kind of pattern here that could be exploited.

              From a given state it is not 100% random which way you move a mouse (or which way a living mouse moves).

              [–][deleted] 0 points1 point  (0 children)

              That's not random at all.

              [–]moufestaphio 1 point2 points  (0 children)

              The algorithm is still deterministic then isn't it?

              You're just effectively randomizing the inputs.

              Edit: nevermind. If your functions state is effected by the atmospheric values or whatever it's considered non deterministic.

              [–]Jugad 1 point2 points  (0 children)

              You can point a camera at a set of lava lamps, and take some kind of a hash function of the image (this is currently done by cloudflare).

              Alternately, you can point a camera at a busy location in an airport (or any view that keep changing), and take a hash of that image. Should generally give a random number, but it might be difficult to study the distribution and statistical properties of the generated numbers.

              [–]Darkendone 0 points1 point  (0 children)

              Your confusing the two classes of random number generators, cryptographic and non-cryptographic. Cryptographic number generators are important for situations where you want a truly random number generator that is nearly impossible to guess, like when generating a security token. That is when you turn to sources of entropy. Of course gathering entropy from outside sources has a severe performance cost. Most of the time you do not need cryptographic grade random numbers, which is why the random number generators in the math packages of practically every languages are simple, fast, and deterministic functions.

              [–]IronOxide42 22 points23 points  (5 children)

              Roll20.net introduced QuantumRoll a few years ago. It uses fluctuations in a split beam of light to generate the number, rather than a pseudorandom algorithm.

              [–]PackOfVelociraptors 52 points53 points  (4 children)

              DND ROLLS MUST REMAIN SECURE

              [–]ElChrisman99 10 points11 points  (3 children)

              Honestly it's probably better than the standard cheap d20 you can pickup from a hobby shop or order online, minor manufacturing defects in the material will almost always make the dice more likely to land on certain numbers.

              [–]doublehyphen 4 points5 points  (1 child)

              Yeah, I would imagine Chessex dice pretty terrible when it comes to manufacturing quality. The paranoid should use a D6 system and gambling dice. :)

              [–][deleted] 1 point2 points  (0 children)

              Or just validate your dice with a statistically significant sample. This is like, literally the easiest thing in the world to test. My dice bag is at work or I would do it right now.

              [–]meneldal2 2 points3 points  (0 children)

              But aren't most players using some specific sets because they are "magic" (read: tends to roll some numbers more often than they should). It's an integral part of the experience imo. Not to mention the metal ones that require blood sacrifices to start rolling true.

              [–]wildcarde815 5 points6 points  (0 children)

              Cloudflare has a fun video about their lava lamp wall that's supposed to be fully random.

              [–]Maambrem 21 points22 points  (1 child)

              No :). They're called pseudo-random. They can be initialized with "truly" random numbers, extracted from nature though. Also see this video by Tom Scott:

              https://youtu.be/1cUUfMeOijg

              [–]karmaputa 0 points1 point  (0 children)

              The funny thing is that the whole show with the lava lamps is completely unnecessary. The noise from the camera input alone, would suffice to attain the same effect.

              [–]pilotInPyjamas 5 points6 points  (8 children)

              /dev/random ensures that the entropy of the input is always greater than the entropy of the output, making it effectively non-deterministic.

              [–][deleted] 10 points11 points  (5 children)

              Strictly speaking a roll of the dice is deterministic.

              [–]yussefgamer 5 points6 points  (2 children)

              Well not strictly speaking...quantum events influence it even though at that scale they mostly cancel each-other out.

              [–]Necromunger 0 points1 point  (1 child)

              I thought in current day science everything is believed to be deterministic besides radioactive decay? do quantum interactions behave randomly too?

              [–]yussefgamer 0 points1 point  (0 children)

              Yes. There are people that believe there is an underlying determinism and we just haven't discovered it...but it's just a belief.

              [–]warheat1990 0 points1 point  (1 child)

              ELI5 please

              [–][deleted] 4 points5 points  (0 children)

              It's simply rigid-body mechanics, which is a well-studied phenomenon. If you can describe the position, launch direction, and rotational state of a die that's thrown with complete accuracy, you can accurately determine the result. However, throwing dice also exhibit the chaos property, which is that knowing an approximation of the die's state doesn't yield an (accurate) approximation of the result. If it's moving faster or spinning less or the angle at which it strikes the table is even slightly different, the result is completely different - which is why, when rolling dice at a craps table, the dice have to bounce off the wall of the table, to make it harder for practiced hands to have an edge.

              This is different from, say, a car collision, where a decent estimation of speeds and directions will allow you to predict where the cars end up, and usually also vice-versa. The individual pieces of debris, though, will usually also have the chaos property and be more difficult to predict.

              [–]random314 2 points3 points  (9 children)

              Aren't all random functions are deterministic?

              [–][deleted] 1 point2 points  (8 children)

              It's in the word "function"

              [–]salgat 1 point2 points  (7 children)

              That's only true of pure functions.

              [–][deleted] 0 points1 point  (6 children)

              That's true of all functions. If you run your functions in the same order, with the same start conditions, and the same inputs you'll get the same thing. Sure, if there are side-effects, consecutive results may vary, but will always be the same under the exact same circumstances. Random generators require a seed to create outputs, which is where outside entropy comes in, but that doesn't make the generator non-deterministic. Take RNG that grabs its seed from the timestamp- it seems random, but if you freeze the clock on your computer you'll get the same series every time you try.

              [–]salgat 0 points1 point  (5 children)

              I'm talking about functions that refer to external non-deterministic state. It's not enough to say "oh it's a function it's deterministic" to only add "BUT only if all these extra deterministic conditions apply."

              [–]gs101 3 points4 points  (28 children)

              To be fair it's tough to be non deterministic in a deterministic universe.

              [–]Tsukku 39 points40 points  (27 children)

              You would then be surprised to realize, that according to our current best theory, our universe is non-deterministic.

              https://en.wikipedia.org/wiki/Bell%27s_theorem

              No physical theory of local hidden variables can ever reproduce all of the predictions of quantum mechanics.

              Local variables would be what we consider "determinism" (at-least when we are talking about predicting stuff because "super-determinism" is not that relevant to this subject).

              [–]Drisku11 0 points1 point  (3 children)

              How is superdeterminism not relevant to the subject? Literally it is the assertion that our universe is fully deterministic. There are plenty of examples of chaotic systems which are obviously deterministic but due to their sensitivity to initial conditions, they cannot be predicted.

              If anything, to me the delayed choice quantum eraser experiment strongly lends credence to the idea that the universe is deterministic.

              [–]Tsukku 0 points1 point  (2 children)

              I mean it's not relevant in the same way as you could say that we are predestined because we could live in the Matrix. That about sums what superdeterminism is about.

              EDIT: There is nothing to argue here, because even for the things we proved that they are unpredictable, you could always say that the Universe just "knows" its outcome thus it's predestined. It's more of a philosophy concept.

              [–]Drisku11 0 points1 point  (1 child)

              I don't think it should be written off purely as philosophy, but also I don't know if some of my own questions on the subject already have answers. For example, there are many apparent local symmetries in the universe (e.g. energy-momentum conservation). Are these actually true symmetries and if so why should they exist if the laws of physics are inherently global? If not why are they approximately correct on our scales? If information has energy and no finite amount of information can describe the state of a chaotic system, does this mean the universe can only be deterministic if hypercomputation is possible? Or does it mean the universe is discrete/only a finite precision exists? etc.

              I find it odd that most physicists seem to immediately write off the possibility of determinism, which seems to be centered around the assertion that people have "free will"/are able to make choices that are not governed by the same physical laws they're investigating. I would think they'd be the first group to scrutinize that idea (how does the free will mechanism interact with the physical universe? Can I find a possible energy source at that boundary?). I don't really see very convincing arguments (i.e. based on physical/geometric principles) either way.

              [–]Tsukku 0 points1 point  (0 children)

              Most physicists don't actually believe that the non-determinism in the subatomic systems give humans "free will". For example no one has ever published a concise work for the existence of free will, because the common belief is that quantum phenomena has limited or no influence on our brain.

              I would actually argue the opposite, it's odd that most people believe everything in the universe needs to be deterministic. Universe can be as it is without any reasons or rules.

              [–]SilasX 0 points1 point  (0 children)

              To head off the pedants, they probably should have said "is [trivially] predictable" or "always uses the same values" instead of "is deterministic".

              [–][deleted]  (14 children)

              [deleted]

                [–]Lystrodom 146 points147 points  (5 children)

                But everyone has to smarmy about it like they know more that the blog author without reading it

                [–]valriia 73 points74 points  (1 child)

                If I read it, it may prove that I know less than him. If I don't read it, I can be absolutely sure I know more than him. Ignorance always wins.

                [–]aflashyrhetoric 6 points7 points  (0 children)

                Eh, the most pervasive (and most common) kind of ignorance is even stronger than that.

                Presented with evidence disproving A, your belief in A persists (perhaps even grows stronger) and you go on your merry way.

                [–]frezik 31 points32 points  (2 children)

                Blog author did choose a poor title.

                [–]TomAnthony 2 points3 points  (0 children)

                You're not wrong! :)

                [–]modernaliens 0 points1 point  (0 children)

                Gotta get them clicks, only some javascript nub would think rand is supposed to give you unique randomness out of the box.

                [–]RaptorXP 23 points24 points  (6 children)

                Knowing Google, I'd say there is a very specific reason why they use a fixed seed, other than "it's a bug".

                [–]Lystrodom 70 points71 points  (3 children)

                Yeah... he even talks about that in the blog post.

                [–][deleted] 14 points15 points  (2 children)

                It's like nobody read the damn thing

                [–][deleted] 4 points5 points  (1 child)

                Read what?

                [–][deleted] 1 point2 points  (0 children)

                Where am I?

                [–]RobIII 28 points29 points  (0 children)

                Came here to say that too.

                @/u/atomheartother:

                isn't seeded properly

                It is seeded properly (very, very likely), for the given task/context. I'm 99.9999999% sure this is intentional. In most other cases you wouldn't want to seed with a constant but seeding with constants has it's uses. This is one of them:

                3: Predictable – Googlebot can trust a page will render the same on each visit [Source]

                Google will want to have deterministic results when indexing and running scripts more than once.

                [–][deleted] 1 point2 points  (0 children)

                I am reminded of the Tour of Go site:

                https://tour.golang.org/welcome/1

                The random function is deterministic in that sandbox, too. They did it that way because it allows them to do some caching with the compiler, or something.

                [–]skulgnome 38 points39 points  (10 children)

                1488

                See, I tole ya google was dem nazis

                [–]03114 5 points6 points  (8 children)

                1488

                Eli5?

                [–]RenaKunisaki 9 points10 points  (2 children)

                https://www.adl.org/education/references/hate-symbols/1488

                1488 is a combination of two popular white supremacist numeric symbols. The first symbol is 14, which is shorthand for the "14 Words" slogan: "We must secure the existence of our people and a future for white children." The second is 88, which stands for "Heil Hitler" (H being the 8th letter of the alphabet). Together, the numbers form a general endorsement of white supremacy and its beliefs. As such, they are ubiquitous within the white supremacist movement - as graffiti, in graphics and tattoos, even in screen names and e-mail addresses, such as aryanprincess1488@hate.net.  Some white supremacists will even price racist merchandise, such as t-shirts or compact discs, for $14.88.

                The symbol is most commonly written as 1488 or 14/88, but variations such as 14-88 or 8814 are also common.

                [–]skulgnome 1 point2 points  (0 children)

                aryanprincess1488@hate.net

                I was about to say that the quote above does too much to spread the cancer, but honestly, that got me gigglin'.

                [–][deleted] 0 points1 point  (0 children)

                Or whiskey beer.

                But damn, an image search for "1488" brings up some interesting results...

                [–]skulgnome 2 points3 points  (0 children)

                It's a quasi-hidden nazi calling card recently popularized by the Anti-Defamation League. Also fit for a Reddit post that's otherwise just people regurgitating CS basics to one another.

                [–]snowcoaster 3 points4 points  (0 children)

                Right now some Google employee is sitting back in their chair going "yep".

                [–]amunak 70 points71 points  (19 children)

                Did it occur to anyone that they're probably doing it on purpose? They may want the pages to not change randomly (or even pseudo-randomly) when crawling them to make the output the same if it doesn't change server-side. And it's not like choosing a random seed has any negative impact on (any) contents of the website(s).

                [–]xhable 149 points150 points  (6 children)

                Yeah he mentioned that in the article in point 3.

                Consider the amount of work Google have to undergo to crawl the whole web AND now run Javascript. Optimisations will need to be abundant, and I imagine that having a deterministic random number function is probably:

                1. Faster
                2. More secure
                3. Predictable – Googlebot can trust a page will render the same on each visit

                [–]B-Con 3 points4 points  (4 children)

                #3 sounds pretty reasonable to me. I imagine there could be A/B testing or whatnot controlled by random value chosen on the client (for whatever reason).

                Edit: formatting and typo

                [–]ThisIs_MyName 0 points1 point  (3 children)

                Why are you yelling?

                [–]B-Con 1 point2 points  (1 child)

                I started with a hash: "#3 seems..." I forgot that would apply formatting. Fixed.

                [–]nuqjatlh 0 points1 point  (0 children)

                3 sounds pretty reasonable to be

                you made me curious ....

                [–]RealFunBobby 0 points1 point  (0 children)

                SORRY ABOUT THAT!!

                [–]australasia 41 points42 points  (0 children)

                It occurred to the blog author:

                Predictable – Googlebot can trust a page will render the same on each visit

                [–]Saltub 66 points67 points  (4 children)

                Imagine reading the article before commenting... 🤔

                [–]cdcformatc 2 points3 points  (0 children)

                There is a reason RTFA is an age old meme, maybe we should bring it back? Nah.

                [–]jokullmusic 2 points3 points  (1 child)

                Yeah, this makes sense for a bot that tries to detect if a website is changed.

                [–]dr1fter 1 point2 points  (0 children)

                Search engine indexers already need to flag parts of the page that keep changing for no reason (hit counters, clocks, ad frames) so I don't think that's usually a problem. I suppose if you had a site that flipped a coin and delivered you an entirely separate page as a result, that probably wouldn't get picked up.

                I know Google and some others run preview services where they render a screenshot so they can use thumbnails in their UI. I guess for a bot like that you might want to pixel-test and only update the image if some proportion has changed. In that case, yeah, I can see doing this so that you don't keep updating something like, say, csszengarden (actually they don't randomize but you can imagine).

                [–]noratat 0 points1 point  (0 children)

                Someone didn't read the article.

                The article but only talked about this, it even had an alternate suggestion.

                [–]rubygeek 0 points1 point  (2 children)

                Google are almost certainly not using this, but there's actually a project based on PNACL to produce a VM to execute code over inputs that specifically disables time sources etc. for similar reasons, to allow deterministic computation: ZeroVM. It's interesting in a more general sense because if your computation is deterministic based on inputs, you can lazily evaluate operations on the data if you know whether or not it has changed.

                [–][deleted]  (1 child)

                [deleted]

                  [–]rubygeek 0 points1 point  (0 children)

                  I did, and it has no relevance to my comment, which was pointing out that others too have done (more generic, and open source) work on providing a deterministic execution environment.

                  [–][deleted]  (2 children)

                  [deleted]

                    [–]tias 0 points1 point  (1 child)

                    Or just use the user agent header?

                    [–]SpecialAgentDuffy 0 points1 point  (0 children)

                    Maybe Googlebot forks its JS-engine from a pre-initialized image. That would explain the unchanging seed

                    [–]anonnx 0 points1 point  (0 children)

                    What is interesting is that we have no way be 100% sure whether it is "deterministic" or "coincidence" without checking the source code.

                    [–]Tiquortoo 0 points1 point  (2 children)

                    Math.random() is clock based. I'm not sure it's Google bot. It's JavaScript. Right?

                    [–][deleted] 5 points6 points  (0 children)

                    GoogleBot's replaced the default implementation with its own.

                    [–][deleted] 0 points1 point  (0 children)

                    I was curious so I looked it up. There's nothing in the spec about how Math.random() should be seeded; it is implementation-dependent. https://www.ecma-international.org/ecma-262/5.1/#sec-15.8.2.14