My Journey To PHP Internals - Pacific Northwest PHP 2016

Sammy Kaye Powers

September 16, 2016

Transcript

  1. SEPTEMBER 16TH, 2016
    MY JOURNEY TO THE CENTER OF
    SAMMY KAYE POWERS
    @SammyK #PNWPHP joind.in/talk/6b9c9

  2. INTERNALS IS SCARY!
    http://saint-max.deviantart.com

  3. I don’t know C!
    Internals is scary!
    I don’t know what I’m doing!

  4. MY BUBBLE
    1998-2013

  5. LARACON 2014 NEW YORK
    PHP|TEK CHICAGO

  6. PHP|TEK HACK-A-THON
    CONTRIBUTE TO PHP

  7. I don’t know what I’m doing!

  8. ELIZABETH SMITH
    DERICK RETHANS

  9. (image only)

  10. ANTHONY FERRARA

  11. MY FIRST CONTRIBUTION

  12. this is a table…

  13. I love tabs!
    this is a table…
    Spaces is where it’s at!
    I’m trying to upgrade bison
    I added array_column()
    Have you used Docker?
    Licensing in FOSS is important
    Let’s have a PGP key signing party!
    JavaScript is weird

  15. TABS VS SPACES

  16. OPEN SOURCE

  17. FACEBOOK PHP SDK

  18. FOSCO MAROTTO

  19. FACEBOOK HQ

  20. (image only)

  21. THE PR THAT CHANGED IT ALL

  22. (image only)

  23. (image only)

  24. SCOTT ARCISZEWSKI
    (AR - SIZ - ZU - SKI)

  25. (image only)

  26. (image only)

  27. SCOTT’S PR == INFOSEC FALLOUT

  28. I HAD A CHOICE
    OR

  29. CSPRNG WUT?

  31. CSPRNG
    mt_rand($min, $max);
    rand($min, $max);

  32. CSPRNG
    echo mt_rand(0, 42);
    11

  33. CSPRNG
    echo mt_rand(0, 42);
    7

  34. CSPRNG
    echo mt_rand(0, 42);
    39

  35. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

  36. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

  37. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

  38. CSPRNG
    rand(); mt_rand();
    AUTO SEEDING USING TIMESTAMP
    + A FEW OTHER VARIABLES

  39. CSPRNG’S USE BETTER SEEDS

  40. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  41. (image only)

  42. Why is CSPRNG so hard in PHP?

  43. SUNSHINE PHP 2015

  44. Why is CSPRNG so hard in PHP?

  45. Because no one’s made it easy.

  46. MAKE CSPRNG EASY

  47. I have NO idea what I’m doing!

  48. Start with user-land implementation

  49. github.com/SammyK/php-src-csprng

  50. ADD THREE NEW FUNCTIONS
    random_int($min, $max)
    random_bytes($bytes)
    random_hex($bytes)

  51. Vetted by infosec nerds, including…

  52. SCOTT

  53. ADD THREE NEW FUNCTIONS
    random_bytes($bytes)
    random_hex($bytes)
    random_int($min, $max)

  54. ADD two NEW FUNCTIONS (THREE struck through)
    random_bytes($bytes)
    random_hex($bytes)
    random_int($min, $max)

  55. ADD two NEW FUNCTIONS (THREE struck through)
    random_hex($bytes)
    ===
    bin2hex(random_bytes($bytes))
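The CSPRNG slides above, as one runnable PHP 7+ script: the seeded Mersenne Twister from slides 35-37 (same seed, same output every time), the random_int()/random_bytes() functions from slides 50-55 with random_hex() rebuilt as bin2hex(random_bytes()), and the openssl_random_pseudo_bytes() option from slide 40 with its strong-result flag checked. This is an added example, not code from the deck or from the php-src RFC; the helper names seeded_mt_sequence(), random_hex() (a user-land stand-in, since the built-in was dropped) and legacy_random_bytes() are my own.

```php
<?php
declare(strict_types=1);

// Added example (not from the deck): seeded mt_rand() from slides 35-37
// beside the CSPRNG functions from slides 50-55 and the 5.x option from
// slide 40. Helper names below are my own, not php-src API.

/** Seed the Mersenne Twister and draw $count values in [$min, $max]. */
function seeded_mt_sequence(int $seed, int $count, int $min = 0, int $max = 42): array
{
    mt_srand($seed);
    $out = [];
    for ($i = 0; $i < $count; $i++) {
        $out[] = mt_rand($min, $max);
    }
    return $out;
}

/**
 * User-land stand-in for the random_hex($bytes) that was dropped from the
 * RFC: exactly bin2hex(random_bytes($bytes)), i.e. 2 * $bytes hex chars.
 */
function random_hex(int $bytes): string
{
    if ($bytes < 1) {
        throw new InvalidArgumentException('need at least one byte');
    }
    return bin2hex(random_bytes($bytes));
}

/**
 * PHP 5.x-era option from slide 40: OpenSSL's CSPRNG, refusing to return
 * anything unless OpenSSL reports the bytes as cryptographically strong.
 * (Type hints are PHP 7 syntax; drop them to run this on 5.3+.)
 */
function legacy_random_bytes(int $bytes): string
{
    $strong = false;
    $out = openssl_random_pseudo_bytes($bytes, $strong);
    if ($out === false || $strong !== true || strlen($out) !== $bytes) {
        throw new RuntimeException('OpenSSL did not supply strong random bytes');
    }
    return $out;
}

// 1. Same seed => same sequence on every run (for a given PHP version).
//    The seed is a single int, so whoever learns or guesses it (slide 38:
//    auto-seeding from the timestamp) can reproduce every later value.
//    That is why mt_rand()/rand() are unfit for tokens, reset links or ids.
$a = seeded_mt_sequence(10, 5);
$b = seeded_mt_sequence(10, 5);
printf("seeded mt_rand repeats: %s\n", $a === $b ? 'yes' : 'no'); // yes

// 2. The PHP 7 replacements. random_int() is inclusive on both ends and
//    throws when no CSPRNG source is available (an Exception on 7.x,
//    Random\RandomException from 8.2) instead of quietly degrading.
$n = random_int(0, 42);
printf("random_int(0, 42) = %d, in range: %s\n", $n, ($n >= 0 && $n <= 42) ? 'yes' : 'no');

$token = random_hex(16); // 32 hex chars carrying 128 bits of entropy
printf("random_hex(16) = %s\n", $token);
printf("length 32 and hex-only: %s\n",
    (strlen($token) === 32 && ctype_xdigit($token)) ? 'yes' : 'no');

// 3. Two independent CSPRNG draws should never collide in practice.
printf("two random_bytes(16) draws differ: %s\n",
    random_bytes(16) !== random_bytes(16) ? 'yes' : 'no');

// 4. The legacy path, only when ext/openssl is loaded.
if (function_exists('openssl_random_pseudo_bytes')) {
    printf("legacy_random_bytes(8) = %s\n", bin2hex(legacy_random_bytes(8)));
}
```

The script deliberately does not assert the value 21 from the slides: the mapping of mt_rand() output onto a range changed in PHP 7.1, so the number for seed 10 depends on the interpreter version, while the property that matters (identical sequences from an identical seed) holds on every version.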

  56. THE ACTUAL IMPLEMENTATION

  57. (image only)

  58. google!

  59. I DON’T ALWAYS COPY & PASTE
    BUT WHEN I DO…

  60. github.com/php/php-src/pull/191/files

  61. /ext/standard/basic_functions.c

  62. /ext/standard/base64.c

  63. COPY PASTE

  64. COMPILE TEST

  65. random bytes int min max
    ?? ?? ? ??!!

  66. I have NO idea what I’m doing!
    random bytes int min max

  67. ROOM 11

  68. segfault

  69. LEIGH LAST NAME?

  70. (image only)

  71. THE RFC PROCESS
    (REQUEST FOR COMMENTS)

  72. [email protected]

  73. GET YOU SOME WIKI KARMA

  74. GET YOU SOME WIKI KARMA
    wiki.php.net

  75. GET YOU SOME WIKI KARMA
    [email protected]

  76. CREATE YOUR RFC
    wiki.php.net/rfc/howto

  77. ANNOUNCE YOUR RFC
    [email protected]

  78. WAIT FOR 2 WEEKS

  79. UNDER DISCUSSION

  80. ANNOUNCE THE VOTING PHASE
    [email protected]

  81. USUALLY 2 WEEKS

  82. (image only)

  83. sammyk.me/how-to-contribute-to-php-documentation

  84. THE RFC PROCESS
    wiki.php.net/rfc/howto

  85. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS

  88. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    x

  89. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    x
    PHP internals is scawy!

  90. Everyone is smarter than me - I’ll be a laughingstock!
    Everyone is mean - look at scalar type-hints drama!

  91. Let’s do this sh… stuff!

  92. (image only)

  93. (image only)

  94. …TWO WEEKS LATER

  95. (image only)

  96. (image only)

  97. (image only)

  98. (image only)

  99. MY JOURNEY TO THE CENTER OF
    IT’S LIKE EATING

  100. WHAT I LEARNED
    I don’t know what I’m doing!
    HOW FEATURES ARE ADDED TO PHP
    THE CULTURE OF PHP INTERNALS
    BETTER AT C & C++
    DEEPER UNDERSTANDING OF CSPRNG’S
    BINARY AND HEXADECIMAL NUMBER SYSTEMS
    HOW TO CONTRIBUTE TO THE PHP DOCS
    AND TONS MORE!

  101. I STILL have no idea what I’m doing!

  102. INTERNALS IS SCARY!

  103. INTERNALS IS SCARY!
    not
    ^

  104. LOVING COMMUNITY

  105. INTERNALS NEEDS YOU
    SOURCE
    BUGS
    WEBSITE
    TESTS

  106. INTERNALS USES TABS

  107. THANKS!
    SAMMY KAYE POWERS
    @SammyK
    SammyK.me
    Host of @PHPRoundtable
    @ChiPHPUG
    West Coast Swing
    Hire me! :)
    /talk/6b9c9