My journey to the center of PHP - Midwest PHP 2017

"I don't know C!" is probably one of the most common excuses that we PHP nerds give for not contributing to PHP source. And to top it off, with all the overly-publicized drama surrounding the PHP internals mailing list, most user-land PHP developers don't want to touch PHP source with a ten-foot pole.

In this talk I tell my story of how a plain-old user-land PHP nerd who "doesn't know C" found himself drawn to PHP internals like a bug to a light. I was met with a lovely, helpful community of individuals who mentored me the whole way to making PHP better. This talk will encourage and inspire you to join me on an epic journey to the center of PHP.

Sammy Kaye Powers

March 18, 2017

Transcript

  1. MARCH 18TH, 2017 MY JOURNEY TO THE CENTER OF PHP SAMMY KAYE POWERS @SammyK #mwphp17 joind.in/talk/01835
  2. INTERNALS IS SCARY! http://saint-max.deviantart.com
  3. I don’t know C! Internals is scary! I don’t know what I’m doing!
  4. BOOKS ON PHP 7 INTERNALS: THIS PAGE INTENTIONALLY LEFT BLANK
  5. MY BUBBLE 1998-2013
  6. LARACON 2014 NEW YORK PHP|TEK CHICAGO
  7. PHP|TEK HACK-A-THON CONTRIBUTE TO PHP
  8. I don’t know what I’m doing!
  9. ELIZABETH SMITH DERICK RETHANS
  11. ANTHONY FERRARA
  12. MY FIRST CONTRIBUTION
  13. this is a table…
  14. I love tabs! this is a table… Spaces is where it’s at! I’m trying to upgrade bison I added array_column() Have you used Docker? Licensing in FOSS is important Let’s have a PGP key signing party! JavaScript is weird
  16. TABS VS SPACES
  17. PUSHED ME CLOSER TO INTERNALS
  18. OPEN SOURCE
  19. FACEBOOK PHP SDK
  20. FOSCO MAROTTO
  21. FACEBOOK HQ
  23. THE PR THAT CHANGED IT ALL
  26. SCOTT ARCISZEWSKI (AR - SIZ - ZU - SKI)
  29. SCOTT’S PR == INFOSEC FALLOUT
  30. I HAD A CHOICE OR
  31. CSPRNG WUT?

  33. CSPRNG mt_rand($min, $max); rand($min, $max);
  34. CSPRNG echo mt_rand(0, 42); 11
  35. CSPRNG echo mt_rand(0, 42); 7
  36. CSPRNG echo mt_rand(0, 42); 39
  37. CSPRNG mt_srand(10); echo mt_rand(0, 42); 21
  38. CSPRNG mt_srand(10); echo mt_rand(0, 42); 21
  39. CSPRNG mt_srand(10); echo mt_rand(0, 42); 21
  40. CSPRNG rand(); mt_rand(); AUTO SEEDING USING TIMESTAMP + A FEW OTHER VARIABLES
  45. AUTO SEEDING USING TIMESTAMP + A FEW OTHER VARIABLES
  47. CSPRNG’S USE BETTER SEEDS
  49. CSPRNG OPTIONS IN 5.x openssl_random_pseudo_bytes() mcrypt_create_iv() /dev/*random
  51. openssl_random_pseudo_bytes() https://wiki.openssl.org/index.php/Random_fork-safety “Since the UNIX fork() system call duplicates the entire process state, a random number generator which does not take this issue into account will produce the same sequence of random numbers in both the parent and the child […], leading to cryptographic disaster…”
  52. openssl_random_pseudo_bytes() https://wiki.openssl.org/index.php/Random_fork-safety “OpenSSL cannot fix the fork-safety problem because it's not in a position to do so. However, there are [solutions] available and they are listed below.”
  53. openssl_random_pseudo_bytes() https://wiki.openssl.org/index.php/Random_fork-safety “Don't use RAND_bytes”
  54. openssl_random_pseudo_bytes() https://wiki.openssl.org/index.php/Random_fork-safety “Instead, you can read directly from /dev/random, /dev/urandom or /dev/srandom; or use CryptGenRandom on Windows systems.”
  55. CSPRNG OPTIONS IN 5.x openssl_random_pseudo_bytes() mcrypt_create_iv() /dev/*random
  56. mcrypt_create_iv()
  59. CSPRNG OPTIONS IN 5.x openssl_random_pseudo_bytes() mcrypt_create_iv() /dev/*random
  60. /dev/*random
  61. CSPRNG OPTIONS IN 5.x openssl_random_pseudo_bytes() mcrypt_create_iv() /dev/*random

  62. Why is CSPRNG so hard in PHP?
  63. SUNSHINE PHP 2015
  64. Why is CSPRNG so hard in PHP?
  65. Because no one’s made it easy.
  66. MAKE CSPRNG EASY
  67. I have NO idea what I’m doing!
  68. Start with user-land implementation
  69. github.com/SammyK/php-src-csprng
  70. ADD THREE NEW FUNCTIONS random_int($min, $max) random_bytes($bytes) random_hex($bytes)
  71. Vetted by infosec nerds. including…
  72. SCOTT
  73. ADD THREE NEW FUNCTIONS random_bytes($bytes) random_hex($bytes) random_int($min, $max)
  74. ADD THREE two NEW FUNCTIONS random_bytes($bytes) random_hex($bytes) random_int($min, $max)
  75. ADD THREE two NEW FUNCTIONS bin2hex(random_bytes($bytes)) === random_hex($bytes)
  76. THE ACTUAL IMPLEMENTATION
  78. google!
  79. I DON’T ALWAYS COPY & PASTE BUT WHEN I DO…
  80. github.com/php/php-src/pull/191/files
  81. /ext/standard/basic_functions.c
  82. /ext/standard/base64.c
  83. COPY PASTE
  84. COMPILE TEST
  85. random bytes int min max ?? ?? ? ??!!
  86. ROOM 11
  87. segfault
  88. I have NO idea what I’m doing! random bytes int min max
  89. LEIGH LAST NAME?

  91. THE PROCESS (REQUEST FOR COMMENTS)
  92. INTERNALS@LISTS.PHP.NET
  93. GET YOU SOME WIKI KARMA
  94. GET YOU SOME WIKI KARMA wiki.php.net
  95. GET YOU SOME WIKI KARMA INTERNALS@LISTS.PHP.NET
  96. CREATE YOUR RFC wiki.php.net/rfc/howto
  97. ANNOUNCE YOUR RFC INTERNALS@LISTS.PHP.NET
  98. WAIT FOR 2 WEEKS
  99. UNDER DISCUSSION
  100. ANNOUNCE THE VOTING PHASE INTERNALS@LISTS.PHP.NET
  101. USUALLY 2 WEEKS
  103. sammyk.me/how-to-contribute-to-php-documentation
  104. THE PROCESS FIN
  105. CHECKLIST: RFC, WORKING IMPLEMENTATION, ANNOUNCE TO INTERNALS
  106. CHECKLIST: RFC ✓, WORKING IMPLEMENTATION, ANNOUNCE TO INTERNALS
  107. CHECKLIST: RFC ✓, WORKING IMPLEMENTATION ✓, ANNOUNCE TO INTERNALS
  108. CHECKLIST: RFC ✓, WORKING IMPLEMENTATION ✓, ANNOUNCE TO INTERNALS x
  109. CHECKLIST: RFC ✓, WORKING IMPLEMENTATION ✓, ANNOUNCE TO INTERNALS x PHP internals is scawy!
  110. Everyone is smarter than me - I’ll be a laughingstock! Everyone is mean - look at scalar type-hints drama!
  111. Let’s do this sh… stuff!
  114. …TWO WEEKS LATER
  119. MY JOURNEY TO THE CENTER OF PHP IT’S LIKE EATING
  120. WHAT I LEARNED I don’t know what I’m doing! HOW FEATURES ARE ADDED TO PHP; THE CULTURE OF PHP INTERNALS; BETTER AT C & C++; DEEPER UNDERSTANDING OF CSPRNG’S; BINARY AND HEXADECIMAL NUMBER SYSTEMS; HOW TO CONTRIBUTE TO THE PHP DOCS; AND TONS MORE!
  121. I STILL have no idea what I’m doing!
  122. INTERNALS IS SCARY! http://saint-max.deviantart.com
  123. INTERNALS IS not SCARY! http://saint-max.deviantart.com
  124. LOVING COMMUNITY
  125. INTERNALS NEEDS YOU: SOURCE, BUGS, WEBSITE, TESTS
  126. INTERNALS USES TABS
  127. THANKS! SAMMY KAYE POWERS @SammyK SammyK.me Host of @PHPRoundtable @ChiPHPUG West Coast Swing Hire me! :) /talk/01835