Upgrade to Pro — share decks privately, control downloads, hide ads and more …

My Journey To The Center Of PHP - Northeast PHP 2017

My Journey To The Center Of PHP - Northeast PHP 2017

Talk given at Northeast PHP 2017 on August 10, 2017.

"I don't know C!", is probably one of the most common excuses that us PHP nerds give for not contributing to PHP source. And top it off with all the overly-publicized drama surrounding the PHP internals mailing list, most user-land PHP developers don't want to touch PHP source with a ten foot pole.

In this talk I tell my story of how a plain-old user-land PHP nerd who, "doesn't know C," found himself drawn to PHP internals like a bug to a light. I was meet with a lovely helpful community of individuals who mentored me the whole way to making PHP better. This talk will encourage and inspire you to join me on an epic journey to the center of PHP.

8c090cc1ccd623a146ddd9159b1bf7e2?s=128

Sammy Kaye Powers

August 10, 2017
Tweet

Transcript

  1. A U G U S T 1 0 T H

    , 2 0 1 7 JOURNEY MY CENTER TO THE OF S A M M Y K A Y E P O W E R S @SammyK #nephp17 joind.in/talk/8e1b4
  2. @SammyK #nephp17 joind.in/talk/8e1b4 SLIDES GET THE joind.in/talk/8e1b4

  3. SCARY! INTERNALS IS http://saint-max.deviantart.com

  4. I don’t know C! Internals is scary! I don’t know

    what I’m doing!
  5. @SammyK #nephp17 joind.in/talk/8e1b4 BOOKS ON PHP 7 INTERNALS: THIS PAGE

    INTENTIONALLY LEFT BLANK
  6. @SammyK #nephp17 joind.in/talk/8e1b4 WEBSITES ON PHP 7 INTERNALS: PHPINTERNALSBOOK.COM

  7. @SammyK #nephp17 joind.in/talk/8e1b4 BUBBLE MY 1998-2013

  8. @SammyK #nephp17 joind.in/talk/8e1b4 LARACON 2014 NEW YORK PHP|TEK CHICAGO

  9. @SammyK #nephp17 joind.in/talk/8e1b4 PHP|TEK HACK-A-THON CONTRIBUTE TO PHP

  10. @SammyK #nephp17 joind.in/talk/8e1b4 I don’t know what I’m doing!

  11. ELIZABETH SMITH DERICK RETHANS

  12. None
  13. ANTHONY FERRARA

  14. CONTRIBUTION MY FIRST

  15. @SammyK #nephp17 joind.in/talk/8e1b4 this is a table…

  16. I love tabs! this is a table… Spaces is where

    it’s at! I’m trying to upgrade bison I added array_column() Have you used Docker? Licensing in FOSS is important Let’s have a PGP key signing party! JavaScript is weird
  17. I love tabs! this is a table… Spaces is where

    it’s at! I’m trying to upgrade bison I added array_column() Have you used Docker? Licensing in FOSS is important Let’s have a PGP key signing party! JavaScript is weird
  18. @SammyK #nephp17 joind.in/talk/8e1b4 TABS SPACES VS

  19. @SammyK #nephp17 joind.in/talk/8e1b4 CLOSER TO INTERNALS PUSHED ME

  20. @SammyK #nephp17 joind.in/talk/8e1b4 OPEN SOURCE

  21. PHP SDK FACEBOOK

  22. @SammyK #nephp17 joind.in/talk/8e1b4 FOSCO MAROTTO

  23. @SammyK #nephp17 joind.in/talk/8e1b4 HQ FACEBOOK

  24. None
  25. @SammyK #nephp17 joind.in/talk/8e1b4 CHANGED IT ALL THE PR THAT

  26. None
  27. None
  28. @SammyK #nephp17 joind.in/talk/8e1b4 SCOTT ARCISZEWSKI (AR - SIZ - ZU

    - SKI)
  29. @SammyK #nephp17 joind.in/talk/8e1b4

  30. None
  31. @SammyK #nephp17 joind.in/talk/8e1b4 SCOTT’S PR INFOSEC FALLOUT ==

  32. @SammyK #nephp17 joind.in/talk/8e1b4 I HAD A CHOICE OR

  33. @SammyK #nephp17 joind.in/talk/8e1b4 CSPRNG WUT?

  34. @SammyK #nephp17 joind.in/talk/8e1b4 CSPRNG WUT?

  35. @SammyK #nephp17 joind.in/talk/8e1b4 CSPRNG mt_rand($min, $max); rand($min, $max); lcg_value();

  36. CSPRNG echo mt_rand(0, 42); 11

  37. CSPRNG echo mt_rand(0, 42); 7

  38. echo mt_rand(0, 42); 39 CSPRNG

  39. CSPRNG mt_srand(10); echo mt_rand(0, 42);

  40. CSPRNG mt_srand(10); echo mt_rand(0, 42); 21

  41. CSPRNG mt_srand(10); echo mt_rand(0, 42); 21

  42. mt_srand(10); echo mt_rand(0, 42); 21 CSPRNG

  43. @SammyK #nephp17 joind.in/talk/8e1b4 mt_rand(); AUTO SEEDING USING TIMESTAMP + A

    FEW OTHER VARIABLES CSPRNG
  44. @SammyK #nephp17 joind.in/talk/8e1b4

  45. None
  46. @SammyK #nephp17 joind.in/talk/8e1b4

  47. None
  48. @SammyK #nephp17 joind.in/talk/8e1b4 AUTO SEEDING USING TIMESTAMP + A FEW

    OTHER VARIABLES
  49. None
  50. @SammyK #nephp17 joind.in/talk/8e1b4 CSPRNG’S USE BETTER SEEDS

  51. None
  52. @SammyK #nephp17 joind.in/talk/8e1b4 CSPRNG OPTIONS IN 5.x openssl_random_pseudo_bytes() mcrypt_create_iv() /dev/*random

  53. @SammyK #nephp17 joind.in/talk/8e1b4 CSPRNG OPTIONS IN 5.x openssl_random_pseudo_bytes() mcrypt_create_iv() /dev/*random

  54. openssl_random_pseudo_bytes() https://wiki.openssl.org/index.php/Random_fork-safety Since the UNIX fork() system call duplicates the

    entire process state, a random number generator which does not take this issue into account will produce the same sequence of random numbers in both the parent and the child […], leading to cryptographic disaster… “
  55. openssl_random_pseudo_bytes() https://wiki.openssl.org/index.php/Random_fork-safety OpenSSL cannot fix the fork- safety problem because

    its not in a position to do so. However, there are [solutions] available and they are listed below. “
  56. openssl_random_pseudo_bytes() https://wiki.openssl.org/index.php/Random_fork-safety Don't use RAND_bytes “

  57. openssl_random_pseudo_bytes() https://wiki.openssl.org/index.php/Random_fork-safety Instead, you can read directly from /dev/random, /dev/urandom

    or /dev/srandom; or use CryptGenRandom on Windows systems. “
  58. @SammyK #nephp17 joind.in/talk/8e1b4 CSPRNG OPTIONS IN 5.x openssl_random_pseudo_bytes() mcrypt_create_iv() /dev/*random

  59. mcrypt_create_iv()

  60. @SammyK #nephp17 joind.in/talk/8e1b4 mcrypt_create_iv()

  61. @SammyK #nephp17 joind.in/talk/8e1b4 mcrypt_create_iv()

  62. @SammyK #nephp17 joind.in/talk/8e1b4 CSPRNG OPTIONS IN 5.x openssl_random_pseudo_bytes() mcrypt_create_iv() /dev/*random

  63. @SammyK #nephp17 joind.in/talk/8e1b4 /dev/*random

  64. @SammyK #nephp17 joind.in/talk/8e1b4 CSPRNG OPTIONS IN 5.x openssl_random_pseudo_bytes() mcrypt_create_iv() /dev/*random

  65. Why is CSPRNG so hard in PHP?

  66. @SammyK #nephp17 joind.in/talk/8e1b4 SUNSHINE PHP 2015

  67. Why is CSPRNG so hard in PHP?

  68. Because no one’s made it easy.

  69. CSPRNG MAKE EASY

  70. I have NO idea what I’m doing!

  71. Start with user-land implementation

  72. github.com/SammyK/php-src-csprng

  73. @SammyK #nephp17 joind.in/talk/8e1b4 THREE ADD NEW FUNCTIONS random_int($min, $max) random_bytes($bytes)

    random_hex($bytes)
  74. Vetted by infosec nerds. including…

  75. @SammyK #nephp17 joind.in/talk/8e1b4 SCOTT

  76. @SammyK #nephp17 joind.in/talk/8e1b4 THREE ADD NEW FUNCTIONS random_bytes($bytes) random_hex($bytes) random_int($min,

    $max)
  77. @SammyK #nephp17 joind.in/talk/8e1b4 THREE ADD NEW FUNCTIONS random_bytes($bytes) random_hex($bytes) random_int($min,

    $max) two
  78. @SammyK #nephp17 joind.in/talk/8e1b4 ADD NEW FUNCTIONS bin2hex(random_bytes($bytes)) === THREE two

    random_hex($bytes)
  79. @SammyK #nephp17 joind.in/talk/8e1b4 IMPLEMENTATION THE ACTUAL

  80. None
  81. google!

  82. COPY I DON’T ALWAYS PASTE & BUT WHEN I DO…

  83. github.com/php/php-src/pull/191/files

  84. /ext/standard/basic_functions.c

  85. /ext/standard/base64.c

  86. @SammyK #nephp17 joind.in/talk/8e1b4 COPY PASTE

  87. @SammyK #nephp17 joind.in/talk/8e1b4 COMPILE TEST

  88. @SammyK #nephp17 joind.in/talk/8e1b4 random bytes int min max ?? ??

    ? ??!!
  89. @SammyK #nephp17 joind.in/talk/8e1b4 ROOM 11

  90. segfault

  91. I have NO idea what I’m doing! random bytes int

    min max
  92. @SammyK #nephp17 joind.in/talk/8e1b4 LEIGH LAST NAME?

  93. None
  94. @SammyK #nephp17 joind.in/talk/8e1b4 THE P R O C E S

    S (REQUEST FOR COMMENTS)
  95. @SammyK #nephp17 joind.in/talk/8e1b4 INTERNALS@LISTS.PHP.NET

  96. @SammyK #nephp17 joind.in/talk/8e1b4 GET YOU SOME WIKI KARMA

  97. @SammyK #nephp17 joind.in/talk/8e1b4 GET YOU SOME WIKI KARMA wiki.php.net

  98. @SammyK #nephp17 joind.in/talk/8e1b4 GET YOU SOME WIKI KARMA INTERNALS@LISTS.PHP.NET

  99. @SammyK #nephp17 joind.in/talk/8e1b4 YOUR RFC CREATE wiki.php.net/rfc/howto

  100. @SammyK #nephp17 joind.in/talk/8e1b4 YOUR RFC ANNOUNCE INTERNALS@LISTS.PHP.NET

  101. @SammyK #nephp17 joind.in/talk/8e1b4 FOR 2 WEEKS WAIT

  102. @SammyK #nephp17 joind.in/talk/8e1b4 UNDER DISCUSSION

  103. @SammyK #nephp17 joind.in/talk/8e1b4 ANNOUNCE THE VOTING PHASE INTERNALS@LISTS.PHP.NET

  104. @SammyK #nephp17 joind.in/talk/8e1b4 USUALLY 2 WEEKS

  105. @SammyK #nephp17 joind.in/talk/8e1b4

  106. @SammyK #nephp17 joind.in/talk/8e1b4 sammyk.me/how-to-contribute-to-php-documentation

  107. @SammyK #nephp17 joind.in/talk/8e1b4 THE PROCESS FIN

  108. @SammyK #nephp17 joind.in/talk/8e1b4 RFC WORKING IMPLEMENTATION ANNOUNCE TO INTERNALS CHECKLIST

  109. @SammyK #nephp17 joind.in/talk/8e1b4 RFC WORKING IMPLEMENTATION ANNOUNCE TO INTERNALS CHECKLIST

  110. @SammyK #nephp17 joind.in/talk/8e1b4 RFC WORKING IMPLEMENTATION ANNOUNCE TO INTERNALS CHECKLIST

    ✓ ✓
  111. @SammyK #nephp17 joind.in/talk/8e1b4 RFC WORKING IMPLEMENTATION ANNOUNCE TO INTERNALS CHECKLIST

    ✓ ✓ x
  112. RFC WORKING IMPLEMENTATION ANNOUNCE TO INTERNALS CHECKLIST ✓ ✓ x

    PHP internals is scawy!
  113. Everyone is smarter than me - I’ll be a laughingstock!

    Everyone is mean - look at scalar type- hints drama!
  114. Let’s do this sh… stuff!

  115. None
  116. None
  117. LATER …TWO WEEKS

  118. None
  119. None
  120. @SammyK #nephp17 joind.in/talk/8e1b4

  121. @SammyK #nephp17 joind.in/talk/8e1b4

  122. @SammyK #nephp17 joind.in/talk/8e1b4 JOURNEY MY CENTER TO THE OF IT’S

    LIKE EATING
  123. LEARNED WHAT I I don’t know what I’m doing! HOW

    FEATURES ARE ADDED TO PHP THE CULTURE OF PHP INTERNALS BETTER AT C & C++ DEEPER UNDERSTANDING OF CSPRNG’S BINARY AND HEXADECIMAL NUMBER SYSTEMS HOW TO CONTRIBUTE TO THE PHP DOCS AND TONS MORE!
  124. I STILL have no idea what I’m doing!

  125. SCARY! INTERNALS IS http://saint-max.deviantart.com

  126. SCARY! INTERNALS IS http://saint-max.deviantart.com not ^

  127. @SammyK #nephp17 joind.in/talk/8e1b4 COMMUNITY LOVING

  128. @SammyK #nephp17 joind.in/talk/8e1b4 I N T E R N A

    L S N E E D S YOU SOURCE BUGS WEBSITE TESTS
  129. For PHP Source Writing Tests Tomorrow @ 9AM Richmond Room

    #SHAMELESSPLUG
  130. @SammyK #nephp17 joind.in/talk/8e1b4 TABS INTERNALS USES

  131. THANKS! SAMMY KAYE POWERS @SammyK SammyK.me Host of @PHPRoundtable @ChiPHPUG

    West Coast Swing /talk/8e1b4 I have stickers!