My Journey To The Center Of PHP - Northeast PHP 2017

Talk given at Northeast PHP 2017 on August 10, 2017.

"I don't know C!", is probably one of the most common excuses that us PHP nerds give for not contributing to PHP source. And to top it off with all the overly-publicized drama surrounding the PHP internals mailing list, most user-land PHP developers don't want to touch PHP source with a ten-foot pole.

In this talk I tell my story of how a plain-old user-land PHP nerd who, "doesn't know C," found himself drawn to PHP internals like a bug to a light. I was met with a lovely, helpful community of individuals who mentored me the whole way to making PHP better. This talk will encourage and inspire you to join me on an epic journey to the center of PHP.

Sammy Kaye Powers

August 10, 2017

Transcript

  1. AUGUST 10TH, 2017
    MY JOURNEY TO THE CENTER OF PHP
    SAMMY KAYE POWERS
    @SammyK #nephp17 joind.in/talk/8e1b4

  2. GET THE SLIDES
    joind.in/talk/8e1b4

  3. INTERNALS IS SCARY!
    http://saint-max.deviantart.com

  4. I don’t know C!
    Internals is scary!
    I don’t know what I’m doing!

  5. BOOKS ON PHP 7 INTERNALS:
    THIS PAGE INTENTIONALLY LEFT BLANK

  6. WEBSITES ON PHP 7 INTERNALS:
    PHPINTERNALSBOOK.COM

  7. MY BUBBLE
    1998-2013

  8. 2014
    LARACON NEW YORK
    PHP|TEK CHICAGO

  9. PHP|TEK HACK-A-THON
    CONTRIBUTE TO PHP

  10. I don’t know what I’m doing!

  11. ELIZABETH SMITH
    DERICK RETHANS

  13. ANTHONY FERRARA

  14. MY FIRST CONTRIBUTION

  15. this is a table…

  16. I love tabs!
    this is a table…
    Spaces is where it’s at!
    I’m trying to upgrade bison
    I added array_column()
    Have you used Docker?
    Licensing in FOSS is important
    Let’s have a PGP key signing party!
    JavaScript is weird

  17. I love tabs!
    this is a table…
    Spaces is where it’s at!
    I’m trying to upgrade bison
    I added array_column()
    Have you used Docker?
    Licensing in FOSS is important
    Let’s have a PGP key signing party!
    JavaScript is weird

  18. TABS VS SPACES

  19. PUSHED ME CLOSER TO INTERNALS

  20. OPEN SOURCE

  21. FACEBOOK PHP SDK

  22. FOSCO MAROTTO

  23. FACEBOOK HQ

  25. THE PR THAT CHANGED IT ALL

  28. SCOTT ARCISZEWSKI
    (AR - SIZ - ZU - SKI)

  31. SCOTT’S PR == INFOSEC FALLOUT

  32. I HAD A CHOICE
    OR

  33. CSPRNG
    WUT?

  34. CSPRNG
    WUT?

  35. CSPRNG
    mt_rand($min, $max);
    rand($min, $max);
    lcg_value();

  36. CSPRNG
    echo mt_rand(0, 42);
    11

  37. CSPRNG
    echo mt_rand(0, 42);
    7

  38. CSPRNG
    echo mt_rand(0, 42);
    39

  39. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);

  40. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

  41. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

  42. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

  43. CSPRNG
    mt_rand();
    AUTO SEEDING USING TIMESTAMP + A FEW OTHER VARIABLES

  48. AUTO SEEDING USING TIMESTAMP + A FEW OTHER VARIABLES

  50. CSPRNG’S USE BETTER SEEDS

  52. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  53. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  54. openssl_random_pseudo_bytes()
    https://wiki.openssl.org/index.php/Random_fork-safety
    Since the UNIX fork() system call duplicates the entire process state, a random number generator which does not take this issue into account will produce the same sequence of random numbers in both the parent and the child […], leading to cryptographic disaster…

  55. openssl_random_pseudo_bytes()
    https://wiki.openssl.org/index.php/Random_fork-safety
    OpenSSL cannot fix the fork-safety problem because it's not in a position to do so. However, there are [solutions] available and they are listed below.

  56. openssl_random_pseudo_bytes()
    https://wiki.openssl.org/index.php/Random_fork-safety
    Don't use RAND_bytes

  57. openssl_random_pseudo_bytes()
    https://wiki.openssl.org/index.php/Random_fork-safety
    Instead, you can read directly from /dev/random, /dev/urandom or /dev/srandom; or use CryptGenRandom on Windows systems.

  58. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  59. mcrypt_create_iv()

  60. mcrypt_create_iv()

  61. mcrypt_create_iv()

  62. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  63. /dev/*random

  64. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  65. Why is CSPRNG so hard in PHP?

  66. SUNSHINE PHP 2015

  67. Why is CSPRNG so hard in PHP?

  68. Because no one’s made it easy.

  69. MAKE CSPRNG EASY

  70. I have NO idea what I’m doing!

  71. Start with user-land implementation

  72. github.com/SammyK/php-src-csprng

  73. ADD THREE NEW FUNCTIONS
    random_int($min, $max)
    random_bytes($bytes)
    random_hex($bytes)

  74. Vetted by infosec nerds, including…

  75. SCOTT

  76. ADD THREE NEW FUNCTIONS
    random_bytes($bytes)
    random_hex($bytes)
    random_int($min, $max)

  77. ADD THREE NEW FUNCTIONS
    random_bytes($bytes)
    random_hex($bytes)
    random_int($min, $max)
    two

  78. ADD THREE NEW FUNCTIONS
    two
    bin2hex(random_bytes($bytes)) === random_hex($bytes)

  79. THE ACTUAL IMPLEMENTATION

  81. google!

  82. I DON’T ALWAYS COPY & PASTE
    BUT WHEN I DO…

  83. github.com/php/php-src/pull/191/files

  84. /ext/standard/basic_functions.c

  85. /ext/standard/base64.c

  86. COPY PASTE

  87. COMPILE TEST

  88. random bytes int min max
    ?? ?? ? ??!!

  89. ROOM 11

  90. segfault

  91. I have NO idea what I’m doing!
    random bytes int min max

  92. LEIGH
    LAST NAME?

  94. THE PROCESS
    (REQUEST FOR COMMENTS)

  95. [email protected]

  96. GET YOU SOME WIKI KARMA

  97. GET YOU SOME WIKI KARMA
    wiki.php.net

  98. GET YOU SOME WIKI KARMA
    [email protected]

  99. CREATE YOUR RFC
    wiki.php.net/rfc/howto

  100. ANNOUNCE YOUR RFC
    [email protected]

  101. WAIT FOR 2 WEEKS

  102. UNDER DISCUSSION

  103. ANNOUNCE THE VOTING PHASE
    [email protected]

  104. USUALLY 2 WEEKS

  106. sammyk.me/how-to-contribute-to-php-documentation

  107. THE PROCESS
    FIN

  108. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS

  109. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS

  110. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS

  111. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    x

  112. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    x
    PHP internals is scawy!

  113. Everyone is smarter than me - I’ll be a laughingstock!
    Everyone is mean - look at scalar type-hints drama!

  114. Let’s do this sh… stuff!

  117. …TWO WEEKS LATER

  122. MY JOURNEY TO THE CENTER OF
    IT’S LIKE EATING

  123. WHAT I LEARNED
    I don’t know what I’m doing!
    HOW FEATURES ARE ADDED TO PHP
    THE CULTURE OF PHP INTERNALS
    BETTER AT C & C++
    DEEPER UNDERSTANDING OF CSPRNG’S
    BINARY AND HEXADECIMAL NUMBER SYSTEMS
    HOW TO CONTRIBUTE TO THE PHP DOCS
    AND TONS MORE!

  124. I STILL have no idea what I’m doing!

  125. INTERNALS IS SCARY!
    http://saint-max.deviantart.com

  126. INTERNALS IS not SCARY!
    http://saint-max.deviantart.com

  127. LOVING COMMUNITY

  128. INTERNALS NEEDS YOU
    SOURCE
    BUGS
    WEBSITE
    TESTS

  129. Writing Tests For PHP Source
    Tomorrow @ 9AM
    Richmond Room
    #SHAMELESSPLUG

  130. INTERNALS USES TABS

  131. THANKS!
    SAMMY KAYE POWERS
    @SammyK
    SammyK.me
    Host of @PHPRoundtable
    @ChiPHPUG
    West Coast Swing
    /talk/8e1b4
    I have stickers!