Programming, software, and related topics

Lately I've been working towards 100%^[1] test coverage in RandN. This has been very helpful and has already found several small bugs across the library. One of the RNGs I'm testing is ThreadLocalRng, which RandN guarantees is thread-safe by use of a ThreadLocal - a wrapper around ChaCha that maintains exactly one instance per thread. Another test already verifies that a unique instance is created for each thread, but there could still be some sort of hidden dependency within ChaCha, so I want to test it even further, even though threading is notoriously difficult to test reliably.

When it comes to random number generators in .NET, there's two options: System.Random and the easy to say System.Security.Cryptography.RNGCryptoServiceProvider. The former is a pseudo random number generator (PRNG), while the latter is a cryptographically secure random number generator (CSRNG). Common wisdom is to use Random, since it's faster and friendlier than RNGCryptoServiceProvider while still providing random numbers that are good enough for casual use. Unfortunately, Random is not as random as you'd like, performance leaves a lot on the table, and the API isn't nearly as nice once you get to know it.

Sometimes we want to connect to a PostgreSQL database through SSL/TLS, but the database's CA Certificate aren't trusted by the computer. This is the case with DigitalOcean's Managed Database offerings. There are a couple different ways to solve this. First, you can simply use sslmode=require to skip verification; however, this opens the application up to man-in-the-middle attacks, as it can't verify the server's identity. The second way is to verify the root certificate ourselves by hooking one of Npgsql's callbacks.