My journey to the center of PHP - Midwest PHP 2017

"I don't know C!", is probably one of the most common excuses that us PHP nerds give for not contributing to PHP source. And top it off with all the overly-publicized drama surrounding the PHP internals mailing list, most user-land PHP developers don't want to touch PHP source with a ten foot pole.

In this talk I tell my story of how a plain-old user-land PHP nerd who, "doesn't know C," found himself drawn to PHP internals like a bug to a light. I was met with a lovely, helpful community of individuals who mentored me the whole way to making PHP better. This talk will encourage and inspire you to join me on an epic journey to the center of PHP.

Sammy Kaye Powers

March 18, 2017

Transcript

  1. MARCH 18TH, 2017
    MY JOURNEY TO THE CENTER OF
    SAMMY KAYE POWERS
    @SammyK #mwphp17 joind.in/talk/01835

  2. INTERNALS IS SCARY!
    http://saint-max.deviantart.com

  3. I don’t know C!
    Internals is scary!
    I don’t know what I’m doing!

  4. BOOKS ON PHP 7 INTERNALS:
    THIS PAGE INTENTIONALLY LEFT BLANK

  5. MY BUBBLE
    1998-2013

  6. 2014
    LARACON NEW YORK
    PHP|TEK CHICAGO

  7. PHP|TEK
    HACK-A-THON
    CONTRIBUTE TO PHP

  8. I don’t know what I’m doing!

  9. ELIZABETH SMITH
    DERICK RETHANS

  11. ANTHONY FERRARA

  12. MY FIRST CONTRIBUTION

  13. this is a table…

  14. I love tabs!
    this is a table…
    Spaces is where it’s at!
    I’m trying to upgrade bison
    I added array_column()
    Have you used Docker?
    Licensing in FOSS is important
    Let’s have a PGP key signing party!
    JavaScript is weird

  15. I love tabs!
    this is a table…
    Spaces is where it’s at!
    I’m trying to upgrade bison
    I added array_column()
    Have you used Docker?
    Licensing in FOSS is important
    Let’s have a PGP key signing party!
    JavaScript is weird

  16. TABS VS SPACES

  17. PUSHED ME CLOSER TO INTERNALS

  18. OPEN SOURCE

  19. FACEBOOK PHP SDK

  20. FOSCO MAROTTO

  21. FACEBOOK HQ

  23. THE PR THAT CHANGED IT ALL

  26. SCOTT ARCISZEWSKI
    (AR - SIZ - ZU - SKI)

  29. SCOTT’S PR == INFOSEC FALLOUT

  30. I HAD A CHOICE
    OR

  31. CSPRNG
    WUT?

  32. CSPRNG
    WUT?

  33. CSPRNG
    mt_rand($min, $max);
    rand($min, $max);

  34. CSPRNG
    echo mt_rand(0, 42);
    11

  35. CSPRNG
    echo mt_rand(0, 42);
    7

  36. CSPRNG
    echo mt_rand(0, 42);
    39

  37. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

  38. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

  39. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

  40. CSPRNG
    rand(); mt_rand();
    AUTO SEEDING USING TIMESTAMP
    + A FEW OTHER VARIABLES

  45. AUTO SEEDING USING TIMESTAMP
    + A FEW OTHER VARIABLES

  47. CSPRNG’S USE BETTER SEEDS

  49. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  50. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  51. openssl_random_pseudo_bytes()
    https://wiki.openssl.org/index.php/Random_fork-safety
    Since the UNIX fork() system call duplicates the entire process state, a random number generator which does not take this issue into account will produce the same sequence of random numbers in both the parent and the child […], leading to cryptographic disaster…

  52. openssl_random_pseudo_bytes()
    https://wiki.openssl.org/index.php/Random_fork-safety
    OpenSSL cannot fix the fork-safety problem because its not in a position to do so. However, there are [solutions] available and they are listed below.

  53. openssl_random_pseudo_bytes()
    https://wiki.openssl.org/index.php/Random_fork-safety
    Don't use RAND_bytes

  54. openssl_random_pseudo_bytes()
    https://wiki.openssl.org/index.php/Random_fork-safety
    Instead, you can read directly from /dev/random, /dev/urandom or /dev/srandom; or use CryptGenRandom on Windows systems.

  55. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  56. mcrypt_create_iv()

  57. mcrypt_create_iv()

  58. mcrypt_create_iv()

  59. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  60. /dev/*random

  61. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  62. Why is CSPRNG so hard in PHP?

  63. SUNSHINE PHP
    2015

  64. Why is CSPRNG so hard in PHP?

  65. Because no one’s made it easy.

  66. MAKE CSPRNG EASY

  67. I have NO idea what I’m doing!

  68. Start with user-land implementation

  69. github.com/SammyK/php-src-csprng

  70. ADD THREE NEW FUNCTIONS
    random_int($min, $max)
    random_bytes($bytes)
    random_hex($bytes)

  71. Vetted by infosec nerds, including…

  72. SCOTT

  73. ADD THREE NEW FUNCTIONS
    random_bytes($bytes)
    random_hex($bytes)
    random_int($min, $max)

  74. ADD THREE NEW FUNCTIONS
    two
    random_bytes($bytes)
    random_hex($bytes)
    random_int($min, $max)

  75. ADD THREE NEW FUNCTIONS
    two
    random_hex($bytes) === bin2hex(random_bytes($bytes))

  76. THE ACTUAL IMPLEMENTATION

  78. google!

  79. I DON’T ALWAYS COPY & PASTE
    BUT WHEN I DO…

  80. github.com/php/php-src/pull/191/files

  81. /ext/standard/basic_functions.c

  82. /ext/standard/base64.c

  83. COPY PASTE

  84. COMPILE TEST

  85. random
    bytes
    int
    min
    max
    ??
    ??
    ?
    ??!!

  86. ROOM 11

  87. segfault

  88. I have NO idea what I’m doing!
    random
    bytes
    int
    min
    max

  89. LEIGH
    LAST NAME?

  91. THE PROCESS
    (REQUEST FOR COMMENTS)

  92. [email protected]

  93. GET YOU SOME WIKI KARMA

  94. GET YOU SOME WIKI KARMA
    wiki.php.net

  95. GET YOU SOME WIKI KARMA
    [email protected]

  96. CREATE YOUR RFC
    wiki.php.net/rfc/howto

  97. ANNOUNCE YOUR RFC
    [email protected]

  98. WAIT FOR 2 WEEKS

  99. UNDER DISCUSSION

  100. ANNOUNCE THE VOTING PHASE
    [email protected]

  101. USUALLY 2 WEEKS

  103. sammyk.me/how-to-contribute-to-php-documentation

  104. THE PROCESS
    FIN

  105. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS

  106. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS

  107. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS

  108. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    x

  109. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    x
    PHP internals is scawy!

  110. Everyone is smarter than me - I’ll be a laughingstock!
    Everyone is mean - look at scalar type-hints drama!

  111. Let’s do this sh… stuff!

  114. …TWO WEEKS LATER

  119. MY JOURNEY TO THE CENTER OF
    IT’S LIKE EATING

  120. WHAT I LEARNED
    I don’t know what I’m doing!
    HOW FEATURES ARE ADDED TO PHP
    THE CULTURE OF PHP INTERNALS
    BETTER AT C & C++
    DEEPER UNDERSTANDING OF CSPRNG’S
    BINARY AND HEXADECIMAL NUMBER SYSTEMS
    HOW TO CONTRIBUTE TO THE PHP DOCS
    AND TONS MORE!

  121. I STILL have no idea what I’m doing!

  122. INTERNALS IS SCARY!
    http://saint-max.deviantart.com

  123. INTERNALS IS not SCARY!
    http://saint-max.deviantart.com

  124. LOVING COMMUNITY

  125. INTERNALS NEEDS YOU
    SOURCE
    BUGS
    WEBSITE
    TESTS

  126. INTERNALS USES TABS

  127. THANKS!
    SAMMY KAYE POWERS
    @SammyK
    SammyK.me
    Host of @PHPRoundtable
    @ChiPHPUG
    West Coast Swing
    Hire me! :)
    /talk/01835