This is what it looks like to me also. Repeating nonces are a huge no-no; it only takes a few until you can start to execute a plaintext attack on the data. GCM-AES also cannot encrypt more than 4Gb of data without having a repeat in the cipher stream; unrelated, but similar reasons behind it.
Poor-quality RNG is a very bad thing. ChaChaPoly80 is in wide use and generates high-quality entropy with a lot less processing than using the kernel's /dev/random CSPRNG.
In my work there is a lot of shuffling done during selection operations, and to make that shuffle as random as possible so as not to open a side channel, a crypto random seed for every shuffle operation ensures an outside source could not possibly discover it. It also makes collision-free random identifiers for database keys identifying sessions and nodes and so forth internally.
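The per-shuffle seeding described in the comment above, as an added example that is not the commenter's code: each shuffle draws a fresh 32-byte seed from the OS CSPRNG and expands it into an unbiased Fisher-Yates permutation. The names `SeededStream`, `shuffle` and `new_identifier` are hypothetical, and HMAC-SHA256 in counter mode is used as a stand-in expander, an assumption chosen so the block runs on the standard library alone.

```python
import hashlib
import hmac
import secrets


class SeededStream:
    """Byte stream expanded from one seed with HMAC-SHA256 in counter mode."""

    def __init__(self, seed: bytes):
        self._seed = seed
        self._counter = 0
        self._buf = b""

    def read(self, n: int) -> bytes:
        while len(self._buf) < n:
            ctr = self._counter.to_bytes(8, "big")
            self._buf += hmac.new(self._seed, ctr, hashlib.sha256).digest()
            self._counter += 1
        out, self._buf = self._buf[:n], self._buf[n:]
        return out

    def below(self, bound: int) -> int:
        """Uniform integer in [0, bound); rejection sampling avoids modulo bias."""
        if bound <= 0:
            raise ValueError("bound must be positive")
        nbits = (bound - 1).bit_length()
        if nbits == 0:
            return 0
        nbytes = (nbits + 7) // 8
        mask = (1 << nbits) - 1
        while True:
            value = int.from_bytes(self.read(nbytes), "big") & mask
            if value < bound:  # discard out-of-range draws instead of reducing them
                return value


def shuffle(items, seed=None):
    """Fisher-Yates shuffle; a fresh CSPRNG seed per call unless one is passed (tests only)."""
    stream = SeededStream(seed if seed is not None else secrets.token_bytes(32))
    out = list(items)
    for i in range(len(out) - 1, 0, -1):
        j = stream.below(i + 1)
        out[i], out[j] = out[j], out[i]
    return out


def new_identifier(nbytes: int = 16) -> str:
    """Random identifier for session or node keys; 128 bits by default."""
    return secrets.token_hex(nbytes)
```

The seed never leaves the call, so nothing observable outside the process carries over from one shuffle to the next.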