Slide 1

Slide 1 text

AUGUST 10TH, 2017 MY JOURNEY TO THE CENTER OF SAMMY KAYE POWERS @SammyK #nephp17 joind.in/talk/8e1b4

Slide 2

Slide 2 text

GET THE SLIDES joind.in/talk/8e1b4

Slide 3

Slide 3 text

INTERNALS IS SCARY! http://saint-max.deviantart.com

Slide 4

Slide 4 text

I don’t know C! Internals is scary! I don’t know what I’m doing!

Slide 5

Slide 5 text

BOOKS ON PHP 7 INTERNALS: THIS PAGE INTENTIONALLY LEFT BLANK

Slide 6

Slide 6 text

WEBSITES ON PHP 7 INTERNALS: PHPINTERNALSBOOK.COM

Slide 7

Slide 7 text

MY BUBBLE 1998-2013

Slide 8

Slide 8 text

LARACON 2014 NEW YORK PHP|TEK CHICAGO

Slide 9

Slide 9 text

PHP|TEK HACK-A-THON CONTRIBUTE TO PHP

Slide 10

Slide 10 text

I don’t know what I’m doing!

Slide 11

Slide 11 text

ELIZABETH SMITH DERICK RETHANS

Slide 12

Slide 12 text

No content

Slide 13

Slide 13 text

ANTHONY FERRARA

Slide 14

Slide 14 text

MY FIRST CONTRIBUTION

Slide 15

Slide 15 text

this is a table…

Slide 16

Slide 16 text

I love tabs! this is a table… Spaces is where it’s at! I’m trying to upgrade bison I added array_column() Have you used Docker? Licensing in FOSS is important Let’s have a PGP key signing party! JavaScript is weird

Slide 17

Slide 17 text

I love tabs! this is a table… Spaces is where it’s at! I’m trying to upgrade bison I added array_column() Have you used Docker? Licensing in FOSS is important Let’s have a PGP key signing party! JavaScript is weird

Slide 18

Slide 18 text

TABS VS SPACES

Slide 19

Slide 19 text

PUSHED ME CLOSER TO INTERNALS

Slide 20

Slide 20 text

OPEN SOURCE

Slide 21

Slide 21 text

FACEBOOK PHP SDK

Slide 22

Slide 22 text

FOSCO MAROTTO

Slide 23

Slide 23 text

FACEBOOK HQ

Slide 24

Slide 24 text

No content

Slide 25

Slide 25 text

THE PR THAT CHANGED IT ALL

Slide 26

Slide 26 text

No content

Slide 27

Slide 27 text

No content

Slide 28

Slide 28 text

SCOTT ARCISZEWSKI (AR - SIZ - ZU - SKI)

Slide 29

Slide 29 text

No content

Slide 30

Slide 30 text

No content

Slide 31

Slide 31 text

SCOTT’S PR == INFOSEC FALLOUT

Slide 32

Slide 32 text

I HAD A CHOICE: … OR …

Slide 33

Slide 33 text

CSPRNG WUT?

Slide 34

Slide 34 text

CSPRNG WUT?

Slide 35

Slide 35 text

CSPRNG? None of these qualify: mt_rand($min, $max); rand($min, $max); lcg_value();

Slide 36

Slide 36 text

CSPRNG echo mt_rand(0, 42); => 11

Slide 37

Slide 37 text

CSPRNG echo mt_rand(0, 42); => 7

Slide 38

Slide 38 text

CSPRNG echo mt_rand(0, 42); => 39

Slide 39

Slide 39 text

CSPRNG mt_srand(10); echo mt_rand(0, 42);

Slide 40

Slide 40 text

CSPRNG mt_srand(10); echo mt_rand(0, 42); => 21

Slide 41

Slide 41 text

CSPRNG mt_srand(10); echo mt_rand(0, 42); => 21

Slide 42

Slide 42 text

CSPRNG mt_srand(10); echo mt_rand(0, 42); => 21 (same seed, same output, every time)

Slide 43

Slide 43 text

CSPRNG mt_rand(); AUTO SEEDING USING TIMESTAMP + A FEW OTHER VARIABLES
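Why a seedable generator is a problem for secrets, as an added example that is not from the talk or from php-src: the "victim" code below seeds mt_rand() from the clock and builds a reset token from it; the attacker, knowing roughly when the token was issued, walks the small seed space and recovers it. The token alphabet, the clock-seed pattern, the time window and the function names are assumptions made for this demonstration; the same search works against any seed derived from a few low-entropy inputs such as time and pid.

```php
<?php
// Added example (not from the talk or php-src). Requires PHP 7+ for random_int().
declare(strict_types=1);

const ALPHABET = 'abcdefghijklmnopqrstuvwxyz0123456789';

// Victim: token built from mt_rand() after an explicit clock seed (assumed pattern).
function weakToken(int $seed, int $length = 16): string
{
    mt_srand($seed);                                   // low-entropy seed: a UNIX timestamp
    $token = '';
    $max = strlen(ALPHABET) - 1;
    for ($i = 0; $i < $length; $i++) {
        $token .= ALPHABET[mt_rand(0, $max)];          // deterministic given the seed
    }
    return $token;
}

// Attacker: replays the generator for every timestamp in a window around the
// (approximate) issue time and returns the seed that reproduces the token.
function recoverSeed(string $observedToken, int $approxTime, int $windowSeconds = 3600): ?int
{
    $length = strlen($observedToken);
    for ($t = $approxTime - $windowSeconds; $t <= $approxTime + $windowSeconds; $t++) {
        if (weakToken($t, $length) === $observedToken) {
            return $t;                                 // seed found: attacker can now forge tokens
        }
    }
    return null;                                       // issue time outside the window
}

// Fix: the CSPRNG exposes no seed, so there is no seed space to search,
// and random_int() draws each index uniformly from the alphabet.
function strongToken(int $length = 16): string
{
    $token = '';
    $max = strlen(ALPHABET) - 1;
    for ($i = 0; $i < $length; $i++) {
        $token .= ALPHABET[random_int(0, $max)];
    }
    return $token;
}

$issuedAt = 1502380800;                                // constructed: 2017-08-10 16:00:00 UTC
$token    = weakToken($issuedAt);
$seed     = recoverSeed($token, $issuedAt + 1200);     // attacker's guess is 20 minutes off

printf("victim token:   %s\n", $token);
printf("recovered seed: %s (matches: %s)\n", var_export($seed, true), $seed === $issuedAt ? 'yes' : 'no');
printf("strong token:   %s\n", strongToken());
```

The search is 7,201 candidate seeds times 16 draws, which finishes in well under a second; widening the window to a whole day is still only 86,400 candidates. Note that mt_rand()'s range scaling changed in PHP 7.1, so a recovered seed must be replayed on the same PHP major/minor the victim runs, which an attacker can usually determine.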

Slide 44

Slide 44 text

No content

Slide 45

Slide 45 text

No content

Slide 46

Slide 46 text

No content

Slide 47

Slide 47 text

No content

Slide 48

Slide 48 text

AUTO SEEDING USING TIMESTAMP + A FEW OTHER VARIABLES

Slide 49

Slide 49 text

No content

Slide 50

Slide 50 text

CSPRNGS USE BETTER SEEDS

Slide 51

Slide 51 text

No content

Slide 52

Slide 52 text

CSPRNG OPTIONS IN 5.x: openssl_random_pseudo_bytes() mcrypt_create_iv() /dev/*random

Slide 53

Slide 53 text

CSPRNG OPTIONS IN 5.x: openssl_random_pseudo_bytes() mcrypt_create_iv() /dev/*random

Slide 54

Slide 54 text

openssl_random_pseudo_bytes() https://wiki.openssl.org/index.php/Random_fork-safety “Since the UNIX fork() system call duplicates the entire process state, a random number generator which does not take this issue into account will produce the same sequence of random numbers in both the parent and the child […], leading to cryptographic disaster…”

Slide 55

Slide 55 text

openssl_random_pseudo_bytes() https://wiki.openssl.org/index.php/Random_fork-safety “OpenSSL cannot fix the fork-safety problem because it’s not in a position to do so. However, there are [solutions] available and they are listed below.”

Slide 56

Slide 56 text

openssl_random_pseudo_bytes() https://wiki.openssl.org/index.php/Random_fork-safety “Don’t use RAND_bytes”

Slide 57

Slide 57 text

openssl_random_pseudo_bytes() https://wiki.openssl.org/index.php/Random_fork-safety “Instead, you can read directly from /dev/random, /dev/urandom or /dev/srandom; or use CryptGenRandom on Windows systems.”

Slide 58

Slide 58 text

CSPRNG OPTIONS IN 5.x: openssl_random_pseudo_bytes() mcrypt_create_iv() /dev/*random

Slide 59

Slide 59 text

mcrypt_create_iv()

Slide 60

Slide 60 text

mcrypt_create_iv()

Slide 61

Slide 61 text

mcrypt_create_iv()

Slide 62

Slide 62 text

CSPRNG OPTIONS IN 5.x: openssl_random_pseudo_bytes() mcrypt_create_iv() /dev/*random

Slide 63

Slide 63 text

/dev/*random

Slide 64

Slide 64 text

CSPRNG OPTIONS IN 5.x: openssl_random_pseudo_bytes() mcrypt_create_iv() /dev/*random
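What "making CSPRNG easy" has to hide from callers, as an added example that is neither the RFC's implementation nor the random_compat polyfill: csprng_bytes() walks the three PHP 5.x options from the slides, accepting each only when it can prove it got strong bytes of the requested length, and csprng_int() turns those bytes into an unbiased integer in a range by rejection sampling (the reason random_int() is more than random_bytes() plus modulo). The function names, the fallback order and the error policy are assumptions for this example; it is written in PHP 5.3+ syntax so it also runs where the built-ins do not exist.

```php
<?php
// Added example (not the RFC's code, not random_compat). PHP 5.3+ syntax on purpose.

function csprng_bytes($length)
{
    if (!is_int($length) || $length < 1) {
        throw new InvalidArgumentException('length must be a positive integer');
    }

    // 1. Kernel pool, read directly: the OpenSSL wiki's own recommendation and
    //    immune to the fork() problem because there is no userland pool to duplicate.
    //    fread() may return short, so loop until the full length is collected.
    $fh = @fopen('/dev/urandom', 'rb');
    if ($fh !== false) {
        if (function_exists('stream_set_read_buffer')) {
            stream_set_read_buffer($fh, 0);            // no PHP-side read-ahead buffer
        }
        $buf = '';
        while (strlen($buf) < $length) {
            $chunk = fread($fh, $length - strlen($buf));
            if ($chunk === false || $chunk === '') {
                break;                                 // device unreadable: fall through
            }
            $buf .= $chunk;
        }
        fclose($fh);
        if (strlen($buf) === $length) {
            return $buf;
        }
    }

    // 2. ext/mcrypt, only with the urandom source (MCRYPT_RAND is mt_rand-quality).
    //    mcrypt was deprecated in PHP 7.1 and removed in 7.2, hence the guards.
    if (function_exists('mcrypt_create_iv') && defined('MCRYPT_DEV_URANDOM')) {
        $buf = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
        if (is_string($buf) && strlen($buf) === $length) {
            return $buf;
        }
    }

    // 3. OpenSSL last: trust it only when it reports a cryptographically strong
    //    source, and remember that its pool is not fork-safe (quoted above).
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $buf = openssl_random_pseudo_bytes($length, $strong);
        if ($strong === true && is_string($buf) && strlen($buf) === $length) {
            return $buf;
        }
    }

    // Never silently degrade to mt_rand(): a loud failure beats a weak secret.
    throw new RuntimeException('no cryptographically secure random source available');
}

function csprng_int($min, $max)
{
    if (!is_int($min) || !is_int($max) || $min > $max) {
        throw new InvalidArgumentException('need integers with min <= max');
    }
    $range = $max - $min;                  // PHP promotes to float on overflow
    if (!is_int($range)) {
        throw new InvalidArgumentException('range too large for this example');
    }
    if ($range === 0) {
        return $min;
    }

    // Smallest all-ones mask that covers $range, and the bytes needed to fill it.
    $mask = 0;
    $bits = 0;
    while ($mask < $range) {
        $mask = ($mask << 1) | 1;
        $bits++;
    }
    $bytes = (int) ceil($bits / 8);

    // Rejection sampling: draw, mask, and keep only values inside [0, $range].
    // Each attempt succeeds with probability > 1/2, so the loop ends quickly,
    // and unlike "$raw % ($range + 1)" it does not favour the low values.
    do {
        $raw = csprng_bytes($bytes);
        $val = 0;
        for ($i = 0; $i < $bytes; $i++) {
            $val = ($val << 8) | ord($raw[$i]);
        }
        $val &= $mask;
    } while ($val > $range);

    return $min + $val;
}

// Usage: a 128-bit hex token and an unbiased die roll.
echo bin2hex(csprng_bytes(16)), "\n";
echo csprng_int(1, 6), "\n";
```

Every branch checks both the "strong" signal and the returned length, because each of the three sources can fail in a way that still returns a string (a short read, an openssl call that falls back to a weak generator with $crypto_strong === false). That bookkeeping, plus the rejection loop, is what random_bytes() and random_int() moved into the engine.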

Slide 65

Slide 65 text

Why is CSPRNG so hard in PHP?

Slide 66

Slide 66 text

SUNSHINE PHP 2015

Slide 67

Slide 67 text

Why is CSPRNG so hard in PHP?

Slide 68

Slide 68 text

Because no one’s made it easy.

Slide 69

Slide 69 text

CSPRNG MAKE EASY

Slide 70

Slide 70 text

I have NO idea what I’m doing!

Slide 71

Slide 71 text

Start with user-land implementation

Slide 72

Slide 72 text

github.com/SammyK/php-src-csprng

Slide 73

Slide 73 text

ADD THREE NEW FUNCTIONS: random_int($min, $max) random_bytes($bytes) random_hex($bytes)

Slide 74

Slide 74 text

Vetted by infosec nerds. including…

Slide 75

Slide 75 text

SCOTT

Slide 76

Slide 76 text

ADD THREE NEW FUNCTIONS: random_bytes($bytes) random_hex($bytes) random_int($min, $max)

Slide 77

Slide 77 text

ADD THREE (two) NEW FUNCTIONS: random_bytes($bytes) random_hex($bytes) random_int($min, $max)

Slide 78

Slide 78 text

ADD THREE (two) NEW FUNCTIONS: random_hex($bytes) dropped, because bin2hex(random_bytes($bytes)) === random_hex($bytes)

Slide 79

Slide 79 text

THE ACTUAL IMPLEMENTATION

Slide 80

Slide 80 text

No content

Slide 81

Slide 81 text

google!

Slide 82

Slide 82 text

I DON’T ALWAYS COPY & PASTE BUT WHEN I DO…

Slide 83

Slide 83 text

github.com/php/php-src/pull/191/files

Slide 84

Slide 84 text

/ext/standard/basic_functions.c

Slide 85

Slide 85 text

/ext/standard/base64.c

Slide 86

Slide 86 text

COPY PASTE

Slide 87

Slide 87 text

COMPILE TEST

Slide 88

Slide 88 text

random bytes int min max ?? ?? ? ??!!

Slide 89

Slide 89 text

ROOM 11

Slide 90

Slide 90 text

segfault

Slide 91

Slide 91 text

I have NO idea what I’m doing! random bytes int min max

Slide 92

Slide 92 text

LEIGH LAST NAME?

Slide 93

Slide 93 text

No content

Slide 94

Slide 94 text

THE PROCESS (REQUEST FOR COMMENTS)

Slide 95

Slide 95 text

[email protected]

Slide 96

Slide 96 text

GET YOU SOME WIKI KARMA

Slide 97

Slide 97 text

GET YOU SOME WIKI KARMA wiki.php.net

Slide 98

Slide 98 text

GET YOU SOME WIKI KARMA [email protected]

Slide 99

Slide 99 text

CREATE YOUR RFC wiki.php.net/rfc/howto

Slide 100

Slide 100 text

ANNOUNCE YOUR RFC [email protected]

Slide 101

Slide 101 text

WAIT FOR 2 WEEKS

Slide 102

Slide 102 text

UNDER DISCUSSION

Slide 103

Slide 103 text

ANNOUNCE THE VOTING PHASE [email protected]

Slide 104

Slide 104 text

USUALLY 2 WEEKS

Slide 105

Slide 105 text

No content

Slide 106

Slide 106 text

sammyk.me/how-to-contribute-to-php-documentation

Slide 107

Slide 107 text

THE PROCESS: FIN

Slide 108

Slide 108 text

CHECKLIST: RFC / WORKING IMPLEMENTATION / ANNOUNCE TO INTERNALS

Slide 109

Slide 109 text

CHECKLIST: RFC ✓ / WORKING IMPLEMENTATION / ANNOUNCE TO INTERNALS

Slide 110

Slide 110 text

CHECKLIST: RFC ✓ / WORKING IMPLEMENTATION ✓ / ANNOUNCE TO INTERNALS

Slide 111

Slide 111 text

CHECKLIST: RFC ✓ / WORKING IMPLEMENTATION ✓ / ANNOUNCE TO INTERNALS x

Slide 112

Slide 112 text

CHECKLIST: RFC ✓ / WORKING IMPLEMENTATION ✓ / ANNOUNCE TO INTERNALS x PHP internals is scawy!

Slide 113

Slide 113 text

Everyone is smarter than me - I’ll be a laughingstock! Everyone is mean - look at the scalar type-hints drama!

Slide 114

Slide 114 text

Let’s do this sh… stuff!

Slide 115

Slide 115 text

No content

Slide 116

Slide 116 text

No content

Slide 117

Slide 117 text

LATER …TWO WEEKS

Slide 118

Slide 118 text

No content

Slide 119

Slide 119 text

No content

Slide 120

Slide 120 text

No content

Slide 121

Slide 121 text

No content

Slide 122

Slide 122 text

MY JOURNEY TO THE CENTER OF … IT’S LIKE EATING …

Slide 123

Slide 123 text

WHAT I LEARNED (I don’t know what I’m doing!):
HOW FEATURES ARE ADDED TO PHP
THE CULTURE OF PHP INTERNALS
BETTER AT C & C++
DEEPER UNDERSTANDING OF CSPRNGS
BINARY AND HEXADECIMAL NUMBER SYSTEMS
HOW TO CONTRIBUTE TO THE PHP DOCS
AND TONS MORE!

Slide 124

Slide 124 text

I STILL have no idea what I’m doing!

Slide 125

Slide 125 text

INTERNALS IS SCARY! http://saint-max.deviantart.com

Slide 126

Slide 126 text

INTERNALS IS ^not SCARY! http://saint-max.deviantart.com

Slide 127

Slide 127 text

LOVING COMMUNITY

Slide 128

Slide 128 text

INTERNALS NEEDS YOU: SOURCE, BUGS, WEBSITE, TESTS

Slide 129

Slide 129 text

#SHAMELESSPLUG Writing Tests For PHP Source, Tomorrow @ 9AM, Richmond Room

Slide 130

Slide 130 text

INTERNALS USES TABS

Slide 131

Slide 131 text

THANKS! SAMMY KAYE POWERS @SammyK SammyK.me Host of @PHPRoundtable @ChiPHPUG West Coast Swing /talk/8e1b4 I have stickers!