CodeSOD: Randomly Generated
There was an era, briefly, where corporations flirted with the idea of replacing their web based UIs with Flash. There were even UI frameworks, like Flex, built to support that kind of migration. Yes, it was a disaster.
But not quite as much of a disaster as this action script code that Daniel found. At some point, someone at Initech decided they needed to implement a random number generator. This is what they came up with:
public class InitechRandom{private var mSeed:int;/** * Creates a new Initech random number generator. * * @param seed The seed of the randomizer. */public function InitechRandom(seed:int) {//Util.ConsoleOut("InitechRandom(" + seed + ")");mSeed = seed;}/** * Generates a random number between 0 and max. * * @param max The max number. * * @return A random integer. */public function GetRandomInt(max:int):int {if (max <= 0)return 0;//var randInt:int = Math.abs((123456789 * mSeed + 8) % 123456789);//mSeed = randInt;mSeed++;var random:int = mSeed % max;return random;}public function SetSeed(seed:int):void {mSeed = seed;}}
Now, I'm no ActionScript expert, but I'm fairly confident that it has a built in random number generator. And while that RNG might have all sorts of issues, I'm sure it was at least vaguely random.
This incredibly simplistic RNG has gone through a few iterations. The core of the algorithm is that we take the modulo of our seed, changing our seed in the process. In the initial version, we exploit large numbers and multiplication. In the current version, we just increment the seed value every time.
Now, I have no idea what they were using this random generator for. I'm sure they didn't require cryptographic randomness. My money is that the CEO provided a set of quotes, and they're just picking which one to put on the home page when it loads. For that task, I suppose this is fine, except for one thing: it's just Math.random().
The random number generator in ActionScript is just Math.random(). It already exists. It's already implemented. None of this code is needed. It's useless and it's stupid.
[Advertisement] Continuously monitor your servers for configuration changes, and report when there's configuration drift. Get started with Otter today!