Just noticed in the diff file that my editor removed some trailing spaces. Harmless, but let me know if you want them back haha :)

If rand() is actually deprecated I think it would be better to replace it in the source rather than do something special just for BSD. I don't think we care too much about the quality of the random numbers, but speed and thread safety are important.

If rand() is actually deprecated I think it would be better to replace it in the source rather than do something special just for BSD. I don't think we care too much about the quality of the random numbers, but speed and thread safety are important.

I don't believe its deprecated, just preferred. It seems that OpenBSD modified these functions to provide more secure non-deterministic values. Since I don't know comparable and portable alternatives I think we'd be better sticking to rand (which is apparently a wrapper to arc4random in OpenBSD anyways) and we can just ignore the compiler warning.

I don't want the target specific # stuff in the cpp files like that. @ruevs or @rpavlik what's the best place for that? Or should we just replace use of rand() on all platforms? I'm not sure that's right either - we want reproducible results, so rand actually preferable for us.

@phkahler I wouldn't merge either of these.

snprintf is better than sprintf, but it's also commonly misused, see https://randomascii.wordpress.com/2013/04/03/stop-using-strncpy-already/ Ideally we do what is suggested there and have a wrapper auto-deduce buffer size and do it right in one place.

Agree that we want determinism so the rand change is not useful here: we are not relying on the random for anything security-related afaik.

I'd be curious about real use of determinism here if you're calling a random function then swapping results. sprintf() misuse is even worse than snprintf() misuse also. So code is awesome from a OS portability view if your primary target is windows.

I'd be curious about real use of determinism here if you're calling a random function then swapping results.

The rand function does not generate a random number. It generates a pseudo random number. If the seed is the same the sequence of pseudo random numbers will be the same. This allows bugs that may depend on the random sequence to be reproduced.

a28bfac#r1174520181