My Journey To The Center Of PHP - Northeast PHP 2017

Talk given at Northeast PHP 2017 on August 10, 2017.

"I don't know C!" is probably one of the most common excuses that us PHP nerds give for not contributing to PHP source. And to top it off, with all the overly-publicized drama surrounding the PHP internals mailing list, most user-land PHP developers don't want to touch PHP source with a ten-foot pole.

In this talk I tell my story of how a plain-old user-land PHP nerd who "doesn't know C" found himself drawn to PHP internals like a bug to a light. I was met with a lovely, helpful community of individuals who mentored me the whole way to making PHP better. This talk will encourage and inspire you to join me on an epic journey to the center of PHP.

Sammy Kaye Powers

August 10, 2017

Transcript

  1. AUGUST 10TH, 2017
    MY JOURNEY TO THE CENTER OF
    SAMMY KAYE POWERS
    @SammyK #nephp17 joind.in/talk/8e1b4

  2. GET THE SLIDES
    joind.in/talk/8e1b4

  3. INTERNALS IS SCARY!
    http://saint-max.deviantart.com

  4. I don’t know C!
    Internals is scary!
    I don’t know what I’m doing!


  5. BOOKS ON PHP 7 INTERNALS:
    THIS PAGE INTENTIONALLY LEFT BLANK

  6. WEBSITES ON PHP 7 INTERNALS:
    PHPINTERNALSBOOK.COM

  7. MY BUBBLE
    1998-2013

  8. 2014
    LARACON NEW YORK
    PHP|TEK CHICAGO

  9. PHP|TEK HACK-A-THON
    CONTRIBUTE TO PHP

  10. I don’t know what I’m doing!

  11. ELIZABETH SMITH
    DERICK RETHANS

  12. ANTHONY FERRARA

  13. MY FIRST CONTRIBUTION

  14. this is a table…

  15. I love tabs!
    this is a table…
    Spaces is where it’s at!
    I’m trying to upgrade bison
    I added array_column()
    Have you used Docker?
    Licensing in FOSS is important
    Let’s have a PGP key signing party!
    JavaScript is weird

  16. I love tabs!
    this is a table…
    Spaces is where it’s at!
    I’m trying to upgrade bison
    I added array_column()
    Have you used Docker?
    Licensing in FOSS is important
    Let’s have a PGP key signing party!
    JavaScript is weird

  17. TABS VS SPACES

  18. PUSHED ME CLOSER TO INTERNALS

  19. OPEN SOURCE

  20. FACEBOOK PHP SDK

  21. FOSCO MAROTTO

  22. FACEBOOK HQ

  23. THE PR THAT CHANGED IT ALL

  24. SCOTT ARCISZEWSKI
    (AR - SIZ - ZU - SKI)

  25. @SammyK #nephp17 joind.in/talk/8e1b4


  26. SCOTT’S PR == INFOSEC FALLOUT

  27. I HAD A CHOICE
    OR

  28. CSPRNG
    WUT?

  29. CSPRNG
    WUT?

  30. CSPRNG
    mt_rand($min, $max);
    rand($min, $max);
    lcg_value();

  31. CSPRNG
    echo mt_rand(0, 42);
    11


  32. CSPRNG
    echo mt_rand(0, 42);
    7


  33. CSPRNG
    echo mt_rand(0, 42);
    39

  34. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);


  35. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21


  36. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21


  37. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

  38. CSPRNG
    mt_rand();
    AUTO SEEDING USING TIMESTAMP
    + A FEW OTHER VARIABLES

  39. @SammyK #nephp17 joind.in/talk/8e1b4


  40. @SammyK #nephp17 joind.in/talk/8e1b4


  41. AUTO SEEDING USING TIMESTAMP
    + A FEW OTHER VARIABLES

  42. CSPRNG’S USE BETTER SEEDS

  43. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  44. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  45. openssl_random_pseudo_bytes()
    https://wiki.openssl.org/index.php/Random_fork-safety
    Since the UNIX fork() system call duplicates the entire process state, a random number generator which does not take this issue into account will produce the same sequence of random numbers in both the parent and the child […], leading to cryptographic disaster…

  46. openssl_random_pseudo_bytes()
    https://wiki.openssl.org/index.php/Random_fork-safety
    OpenSSL cannot fix the fork-safety problem because it's not in a position to do so. However, there are [solutions] available and they are listed below.

  47. openssl_random_pseudo_bytes()
    https://wiki.openssl.org/index.php/Random_fork-safety
    Don't use RAND_bytes

  48. openssl_random_pseudo_bytes()
    https://wiki.openssl.org/index.php/Random_fork-safety
    Instead, you can read directly from /dev/random, /dev/urandom or /dev/srandom; or use CryptGenRandom on Windows systems.

  49. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  50. mcrypt_create_iv()


  51. mcrypt_create_iv()

  52. mcrypt_create_iv()

  53. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  54. /dev/*random

  55. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  56. Why is CSPRNG so hard in PHP?


  57. SUNSHINE PHP 2015

  58. Why is CSPRNG so hard in PHP?


  59. Because no one’s made it easy.


  60. MAKE CSPRNG EASY

  61. I have NO idea what I’m doing!


  62. Start with user-land implementation


  63. github.com/SammyK/php-src-csprng


  64. ADD THREE NEW FUNCTIONS
    random_int($min, $max)
    random_bytes($bytes)
    random_hex($bytes)

  65. Vetted by infosec nerds, including…

  66. SCOTT

  67. ADD THREE NEW FUNCTIONS
    random_bytes($bytes)
    random_hex($bytes)
    random_int($min, $max)

  68. ADD THREE NEW FUNCTIONS
    random_bytes($bytes)
    random_hex($bytes)
    random_int($min, $max)
    two

  69. ADD THREE NEW FUNCTIONS
    two
    bin2hex(random_bytes($bytes)) === random_hex($bytes)

  70. THE ACTUAL IMPLEMENTATION

  71. I DON’T ALWAYS COPY & PASTE
    BUT WHEN I DO…

  72. github.com/php/php-src/pull/191/files


  73. /ext/standard/basic_functions.c


  74. /ext/standard/base64.c


  75. COPY PASTE

  76. COMPILE TEST

  77. random
    bytes
    int
    min
    max
    ??
    ??
    ?
    ??!!

  78. ROOM 11

  79. I have NO idea what I’m doing!
    random
    bytes
    int
    min
    max


  80. LEIGH
    LAST NAME?

  81. THE PROCESS
    (REQUEST FOR COMMENTS)

  82. [email protected]

  83. GET YOU SOME WIKI KARMA

  84. GET YOU SOME WIKI KARMA
    wiki.php.net

  85. GET YOU SOME WIKI KARMA
    [email protected]

  86. CREATE YOUR RFC
    wiki.php.net/rfc/howto

  87. ANNOUNCE YOUR RFC
    [email protected]

  88. WAIT FOR 2 WEEKS

  89. UNDER DISCUSSION

  90. ANNOUNCE THE VOTING PHASE
    [email protected]

  91. USUALLY 2 WEEKS

  92. @SammyK #nephp17 joind.in/talk/8e1b4


  93. sammyk.me/how-to-contribute-to-php-documentation

  94. THE PROCESS
    FIN

  95. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS

  96. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS

  97. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS

  98. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    x

  99. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    x
    PHP internals is scawy!

  100. Everyone is smarter than me - I’ll be a laughingstock!
    Everyone is mean - look at scalar type-hints drama!

  101. Let’s do this sh… stuff!


  102. …TWO WEEKS LATER

  103. @SammyK #nephp17 joind.in/talk/8e1b4


  104. @SammyK #nephp17 joind.in/talk/8e1b4


  105. MY JOURNEY TO THE CENTER OF
    IT’S LIKE EATING

  106. WHAT I LEARNED
    I don’t know what I’m doing!
    HOW FEATURES ARE ADDED TO PHP
    THE CULTURE OF PHP INTERNALS
    BETTER AT C & C++
    DEEPER UNDERSTANDING OF CSPRNG’S
    BINARY AND HEXADECIMAL NUMBER SYSTEMS
    HOW TO CONTRIBUTE TO THE PHP DOCS
    AND TONS MORE!

  107. I STILL have no idea what I’m doing!


  108. INTERNALS IS SCARY!
    http://saint-max.deviantart.com

  109. INTERNALS IS not SCARY!
    http://saint-max.deviantart.com

  110. LOVING COMMUNITY

  111. INTERNALS NEEDS YOU
    SOURCE
    BUGS
    WEBSITE
    TESTS

  112. Writing Tests For PHP Source
    Tomorrow @ 9AM
    Richmond Room
    #SHAMELESSPLUG

  113. INTERNALS USES TABS

  114. THANKS!
    SAMMY KAYE POWERS
    @SammyK
    SammyK.me
    Host of @PHPRoundtable
    @ChiPHPUG
    West Coast Swing
    /talk/8e1b4
    I have stickers!