[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: upcoming gnubg features + button survey

From: Isaac Keslassy
Subject: Re: upcoming gnubg features + button survey
Date: Fri, 17 Feb 2023 22:31:07 +0200
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0


1) DISABLING BY DEFAULT: Many thanks for the feedback, I never thought of this issue! I did already put checkboxes to disable it (1) in the menu options, and (2) in the window that asks whether to go to the gnubg website to upgrade.

The problem of disabling it by default is that the vast majority of users won't look for it in the options and will stay with old gnubg versions.

How about the following idea: It is disabled by default, as you suggested. We record the day that the user starts using a given version of gnubg. Then, 1-2 months later, gnubg asks the user whether to enable the feature and automatically look online for updates? So it's opt-in rather than opt-out, but with a one-time nagging.

2) RANDOM DICE: For the record, it looks like the default random number generator relies on Mersenne (dice.c, line 75), so it doesn't go online. Mersenne uses some genrand_int32 function (cf. RollDice function in dice.c), which seems to be an implementation from 1997-2002 in lib/19937ar.c

It seems that it has been updated online in 2011 (http://www.math.sci.hiroshima-u.ac.jp/m-mat/MT/emt.html), if someone wants to introduce that in gnubg.

Gnubg could also implement urandom, but then this would be platform-specific. It seems that Windows has something as well: https://learn.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-rtlgenrandom Developing platform-dependent functions sounds like extra work, but I am no expert, so anyone should feel free to introduce it if it looks like a needed feature.

- Isaac

On 17-Feb-23 6:58 PM, Russ Allbery wrote:
Isaac Keslassy <isaac@technion.ac.il> writes:

In addition, (7) gnubg will automatically check is there is a newer
gnubg version online.

Would it be possible to provide a way for distribution packagers to set
the default for this option to disabled?  Debian has users who are
extremely sensitive to software reporting their activities to anywhere on
the Internet without their explicit consent, so we have a general
distribution policy to not enable checks like this by default.  (There is
unfortunately no way that I know of to check for a newer version without
telling some server that someone just ran gnubg.)

(That reminds me that I think gnubg is probably also using random.org by
default and probably should use /dev/urandom by default instead on

I'd of course document this change and explain how to turn it back on for
anyone who wants it.

Russ Allbery (eagle@eyrie.org)             <https://www.eyrie.org/~eagle/>

External e-mail, be judicious when opening attachments or links

reply via email to

[Prev in Thread] Current Thread [Next in Thread]