
My journey to the center of PHP - Midwest PHP 2017

"I don't know C!" is probably one of the most common excuses that us PHP nerds give for not contributing to PHP source. And to top it off, with all the overly publicized drama surrounding the PHP internals mailing list, most user-land PHP developers don't want to touch PHP source with a ten-foot pole.

In this talk I tell my story of how a plain-old user-land PHP nerd who "doesn't know C" found himself drawn to PHP internals like a bug to a light. I was met with a lovely, helpful community of individuals who mentored me the whole way to making PHP better. This talk will encourage and inspire you to join me on an epic journey to the center of PHP.

Sammy Kaye Powers

March 18, 2017

Transcript

  1. MARCH 18TH, 2017
    MY JOURNEY TO THE CENTER OF
    SAMMY KAYE POWERS
    @SammyK #mwphp17 joind.in/talk/01835

  2. INTERNALS IS SCARY!
    http://saint-max.deviantart.com

  3. I don’t know C!
    Internals is scary!
    I don’t know what I’m doing!

  4. BOOKS ON PHP 7 INTERNALS:
    THIS PAGE INTENTIONALLY LEFT BLANK

  5. MY BUBBLE
    1998-2013

  6. 2014
    LARACON NEW YORK
    PHP|TEK CHICAGO

  7. PHP|TEK HACK-A-THON
    CONTRIBUTE TO PHP

  8. I don’t know what I’m doing!

  9. ELIZABETH SMITH
    DERICK RETHANS

  11. ANTHONY FERRARA

  12. MY FIRST CONTRIBUTION

  13. this is a table…

  14. I love tabs!
    this is a table…
    Spaces is where it’s at!
    I’m trying to upgrade bison
    I added array_column()
    Have you used Docker?
    Licensing in FOSS is important
    Let’s have a PGP key signing party!
    JavaScript is weird

  15. I love tabs!
    this is a table…
    Spaces is where it’s at!
    I’m trying to upgrade bison
    I added array_column()
    Have you used Docker?
    Licensing in FOSS is important
    Let’s have a PGP key signing party!
    JavaScript is weird

  16. TABS VS SPACES

  17. PUSHED ME CLOSER TO INTERNALS

  18. OPEN SOURCE

  19. FACEBOOK PHP SDK

  20. FOSCO MAROTTO

  21. FACEBOOK HQ

  22. THE PR THAT CHANGED IT ALL

  23. SCOTT ARCISZEWSKI
    (AR - SIZ - ZU - SKI)

  26. SCOTT’S PR == INFOSEC FALLOUT

  27. I HAD A CHOICE
    OR

  28. CSPRNG
    WUT?

  29. CSPRNG
    WUT?

  30. CSPRNG
    mt_rand($min, $max);
    rand($min, $max);

  31. CSPRNG
    echo mt_rand(0, 42);
    11

  32. CSPRNG
    echo mt_rand(0, 42);
    7

  33. CSPRNG
    echo mt_rand(0, 42);
    39

  34. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

  35. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

  36. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

  37. CSPRNG
    rand(); mt_rand();
    AUTO SEEDING USING TIMESTAMP
    + A FEW OTHER VARIABLES

  38. AUTO SEEDING USING TIMESTAMP
    + A FEW OTHER VARIABLES

  39. CSPRNG’S
    USE BETTER SEEDS

  40. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  41. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  42. openssl_random_pseudo_bytes()
    https://wiki.openssl.org/index.php/Random_fork-safety
    Since the UNIX fork() system call duplicates the entire process state, a random number generator which does not take this issue into account will produce the same sequence of random numbers in both the parent and the child […], leading to cryptographic disaster…

  43. openssl_random_pseudo_bytes()
    https://wiki.openssl.org/index.php/Random_fork-safety
    OpenSSL cannot fix the fork-safety problem because it's not in a position to do so. However, there are [solutions] available and they are listed below.

  44. openssl_random_pseudo_bytes()
    https://wiki.openssl.org/index.php/Random_fork-safety
    Don't use RAND_bytes

  45. openssl_random_pseudo_bytes()
    https://wiki.openssl.org/index.php/Random_fork-safety
    Instead, you can read directly from /dev/random, /dev/urandom or /dev/srandom; or use CryptGenRandom on Windows systems.

  46. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  47. mcrypt_create_iv()

  48. mcrypt_create_iv()

  49. mcrypt_create_iv()

  50. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  51. /dev/*random

  52. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  53. Why is CSPRNG so hard in PHP?

  54. SUNSHINE PHP
    2015

  55. Why is CSPRNG so hard in PHP?

  56. Because no one’s made it easy.

  57. MAKE CSPRNG EASY

  58. I have NO idea what I’m doing!

  59. Start with user-land implementation

  60. github.com/SammyK/php-src-csprng

  61. ADD THREE NEW FUNCTIONS
    random_int($min, $max)
    random_bytes($bytes)
    random_hex($bytes)

  62. Vetted by infosec nerds, including…

  63. SCOTT

  64. ADD THREE NEW FUNCTIONS
    random_bytes($bytes)
    random_hex($bytes)
    random_int($min, $max)

  65. ADD THREE two NEW FUNCTIONS
    random_bytes($bytes)
    random_hex($bytes)
    random_int($min, $max)

  66. ADD THREE two NEW FUNCTIONS
    random_hex($bytes)
    ===
    bin2hex(random_bytes($bytes))

  67. THE ACTUAL IMPLEMENTATION

  68. I DON’T ALWAYS COPY & PASTE
    BUT WHEN I DO…

  69. github.com/php/php-src/pull/191/files

  70. /ext/standard/basic_functions.c

  71. /ext/standard/base64.c

  72. COPY PASTE

  73. COMPILE TEST

  74. random bytes int min max
    ?? ?? ? ??!!

  75. ROOM 11

  76. segfault

  77. I have NO idea what I’m doing!
    random bytes int min max

  78. LEIGH
    LAST NAME?

  80. THE PROCESS
    (REQUEST FOR COMMENTS)

  81. [email protected]

  82. GET YOU SOME WIKI KARMA

  83. GET YOU SOME WIKI KARMA
    wiki.php.net

  84. GET YOU SOME WIKI KARMA
    [email protected]

  85. CREATE YOUR RFC
    wiki.php.net/rfc/howto

  86. ANNOUNCE YOUR RFC
    [email protected]

  87. WAIT FOR 2 WEEKS

  88. UNDER DISCUSSION

  89. ANNOUNCE THE VOTING PHASE
    [email protected]

  90. USUALLY 2 WEEKS

  92. sammyk.me/how-to-contribute-to-php-documentation

  93. THE PROCESS
    FIN

  94. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS

  95. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS

  96. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS

  97. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    x

  98. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    x
    PHP internals is scawy!

  99. Everyone is smarter than me - I’ll be a laughingstock!
    Everyone is mean - look at scalar type-hints drama!

  100. Let’s do this sh… stuff!

  101. …TWO WEEKS LATER

  104. MY JOURNEY TO THE CENTER OF
    IT’S LIKE EATING

  105. WHAT I LEARNED
    I don’t know what I’m doing!
    HOW FEATURES ARE ADDED TO PHP
    THE CULTURE OF PHP INTERNALS
    BETTER AT C & C++
    DEEPER UNDERSTANDING OF CSPRNG’S
    BINARY AND HEXADECIMAL NUMBER SYSTEMS
    HOW TO CONTRIBUTE TO THE PHP DOCS
    AND TONS MORE!

  106. I STILL have no idea what I’m doing!

  107. INTERNALS IS SCARY!
    http://saint-max.deviantart.com

  108. INTERNALS IS not SCARY!
    http://saint-max.deviantart.com

  109. LOVING COMMUNITY

  110. INTERNALS NEEDS YOU
    SOURCE
    BUGS
    WEBSITE
    TESTS

  111. INTERNALS USES TABS

  112. THANKS!
    SAMMY KAYE POWERS
    @SammyK
    SammyK.me
    Host of @PHPRoundtable
    @ChiPHPUG
    West Coast Swing
    Hire me! :)
    /talk/01835
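
The points on slides 34-36 (a seeded mt_rand() repeats itself) and slides 42-45 (fork() copies generator state into the child), as an added example that is not code from the talk or from php-src. It assumes PHP 7.4+ on the CLI with the pcntl extension on a Unix-like system; draw_in_child() is a hypothetical helper written for this example.

```php
<?php
// Added example, not from the talk. Assumes PHP 7.4+ CLI with the pcntl
// extension on a Unix-like system.

// Hypothetical helper: run $draw in a forked child and return its result.
function draw_in_child(callable $draw): string
{
    $pair = stream_socket_pair(STREAM_PF_UNIX, STREAM_SOCK_STREAM, STREAM_IPPROTO_IP);
    if ($pair === false) {
        throw new RuntimeException('stream_socket_pair() failed');
    }
    $pid = pcntl_fork();
    if ($pid === -1) {
        throw new RuntimeException('pcntl_fork() failed');
    }
    if ($pid === 0) {
        // Child: starts with a copy of the parent's whole process state,
        // including the Mersenne Twister state behind mt_rand().
        fclose($pair[0]);
        fwrite($pair[1], (string) $draw());
        fclose($pair[1]);
        exit(0);
    }
    fclose($pair[1]);
    $value = stream_get_contents($pair[0]); // reads until the child closes its end
    fclose($pair[0]);
    pcntl_waitpid($pid, $status);
    return $value;
}

// 1. A seeded PRNG is fully determined by its seed (slides 34-36).
mt_srand(10);
$first = mt_rand(0, 42);
mt_srand(10);
$again = mt_rand(0, 42);
printf("same seed, same output: %s\n", var_export($first === $again, true));

// 2. After fork(), parent and child both continue from the same copied state.
$childMt  = draw_in_child(fn () => mt_rand(0, 42));
$parentMt = (string) mt_rand(0, 42);
printf("mt_rand:      parent=%s child=%s identical=%s\n",
    $parentMt, $childMt, var_export($parentMt === $childMt, true));

// 3. random_bytes() asks the operating system's CSPRNG on each call, so there
//    is no userland generator state for fork() to duplicate.
$childCs  = bin2hex(random_bytes(0) ?: '') . draw_in_child(fn () => bin2hex(random_bytes(16)));
$parentCs = bin2hex(random_bytes(16));
printf("random_bytes: parent=%s child=%s identical=%s\n",
    $parentCs, $childCs, var_export($parentCs === $childCs, true));
```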