What you're talking about is so extremely rare that it's much more likely that the entire Earth is destroyed by an asteroid right this inst...

Please, do not use b6133fd6-70fe-4fe3-bed6-8ca8fc9386cd, I checked my database and I was using it already.

Funny story no one will believe, but it’s true. A good friend of mine joined a startup as CTO 10 years ago, high growth phase, maybe 200 devs… In his first week he discovered the company had a microservice for generating new UUIDs. One endpoint with its own dedicated team of 3 engineers …including a database guy (the plot thickens). Other teams were instructed to call this service every time they needed a new ‘safe’ UUID. My pal asked wtf. It turned out this service had its own DB to store every previously issued UUID. Requests were handled as follows: it would generate a UUID, then ‘validate’ it by checking its own database to ensure the newly generated UUID didn’t match any previously generated UUIDs, then insert it, then return it to the client. Peace of mind I guess. The team had its own kanban board and sprints.

According to the many-worlds interpretation of quantum mechanics, there's bound to be one branch of universe where every UUID is the same. Can you imagine what those guys are thinking?

It's not happening by chance, there is a bug somewhere.<p>From what I skimmed the package should just call to the js runtime's crypto.randomUUID(). I think it should always be properly seeded.<p>I think it is extremely unlikely that the runtime has a bug here, but who knows? What js runtime do you use?

This is why I prefer to use a random base32 string over UUID. At least you get a proper 128 bit ID instead of just a 122 bit ID as with UUIDv4. You can even make a longer ID.<p>Also, numerous applications that use a unique ID per record frequently need to check for ID collisions. I know I do for a short URL generator.

Poorly seeded prng.

I fully agree. It makes no sense. Yet...<p>The only guesses I'm having is that we originally generated UUIDv4s on a user's phone before sending it to the database, and the UUID generated this morning that collided was created on an Ubuntu server.<p>I don't fully know how UUIDv4s are generated and what (if anything) about the machine it's being generated on is part of the algorithm, but that's really the only change I can think of, that it used to generated on-device by users, and for many months now, has moved to being generated on server.

> I thought this is technically impossible<p>Actually it's not impossible, but very very improbable.<p>P.S. You should play a lottery/powerball ticket<p>P.P.S. Whenever I use the word improbable, the <a href="https://hitchhikers.fandom.com/wiki/Infinite_Improbability_Drive" rel="nofollow">https://hitchhikers.fandom.com/wiki/Infinite_Improbability_D...</a> comes in mind

Although incredibly rare, it's not impossible so probably best to just plan for collisions. A simply retry should suffice. But I agree I feel like something is going on somewhere else ...

Reminds me of some code I saw running in production. Every time we added a new entry, we were pulling all the UUIDs from this table, generating a new UUID, and checking for collisions up to 10 times.

1 in 4.72 × 10²⁸<p>1 in 47.3 octillion.<p>i'd be suspecting a race condition or some other naive mistake, otherwise id be stocking up on lottery tickets.<p>(lol at the other user posting at the same time about the lottery ticket.. great minds and all that.)

Buy some lava lamps

Would the UUID v7 be more collision proof? Hard to say because it takes time into account but then the number of entropy bits are reduced hence the UUID generated exactly at the same time have more chance of a collusion because number of entropy bits are a much smaller space hence could result in collusions more easily.<p>Thoughts?

Just a stupid question, but why not append the date, even in seconds as hex. It's just a few bytes and would guarantee that everything OK now will be OK in the future?

Why not to have timestamp-uuid instead ?

Buy a lottery ticket

> We're using this: <a href="https://www.npmjs.com/package/uuid" rel="nofollow">https://www.npmjs.com/package/uuid</a><p>Why? There's a built-in for this.<p><a href="https://nodejs.org/api/crypto.html#cryptorandomuuidoptions" rel="nofollow">https://nodejs.org/api/crypto.html#cryptorandomuuidoptions</a>

The chance of a UUIDv4 collision is very low, but it is never zero.<p>If everything is done properly, then this is very likely the one and only time anyone involved in the telling or reading of this account will ever experience this.

[dead]

[flagged]