My journey to the center of PHP - ZendCon 2016

"I don't know C!" is probably one of the most common excuses that we PHP nerds give for not contributing to PHP source. And to top it off, with all the overly publicized drama surrounding the PHP internals mailing list, most user-land PHP developers don't want to touch PHP source with a ten-foot pole.

In this talk, I tell my story of how a plain-old user-land PHP nerd who "doesn't know C" found himself drawn to PHP internals like a bug to a light. I was met with a lovely, helpful community of individuals who mentored me the whole way to making PHP better. This talk will encourage and inspire you to join me on an epic journey to the center of PHP.

PHP Roundtable: https://www.phproundtable.com/
Facebook PHP SDK: https://github.com/facebook/php-graph-sdk
CSPRNG: https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator
User-land implementation: https://github.com/SammyK/php-src-csprng
Password hash diff: https://github.com/php/php-src/pull/191/files
How to create an RFC: https://wiki.php.net/rfc/howto
CSPRNG RFC: https://wiki.php.net/rfc/easy_userland_csprng
HHVM port: https://github.com/facebook/hhvm/pull/5925

PHP source: https://github.com/php/php-src
Write tests for PHP source: http://qa.php.net/write-test.php
How to contribute to the docs: https://www.sammyk.me/how-to-contribute-to-php-documentation
Bugs: https://bugs.php.net/
PHP.net source: https://github.com/php/web-php

Sammy Kaye Powers

October 20, 2016

Transcript

  1. MY JOURNEY TO THE CENTER OF
    SAMMY KAYE POWERS
    OCTOBER 20TH, 2016
    @SammyK #zendcon2016 joind.in/talk/ad2c6

  2. INTERNALS IS SCARY!
    http://saint-max.deviantart.com

  3. I don’t know C!
    Internals is scary!
    I don’t know what I’m doing!

  4. BOOKS ON PHP 7 INTERNALS:
    THIS PAGE INTENTIONALLY LEFT BLANK

  5. MY BUBBLE
    1998-2013

  6. LARACON
    2014
    NEW YORK
    PHP|TEK CHICAGO

  7. PHP|TEK
    HACK-A-THON
    CONTRIBUTE TO PHP

  8. I don’t know what I’m doing!

  9. ELIZABETH SMITH
    DERICK RETHANS

  11. ANTHONY FERRARA

  12. MY FIRST CONTRIBUTION

  13. this is a table…

  14. I love tabs!
    this is a table…
    Spaces is where it’s at!
    I’m trying to upgrade bison
    I added array_column()
    Have you used Docker?
    Licensing in FOSS is important
    Let’s have a PGP key signing party!
    JavaScript is weird

  15. I love tabs!
    this is a table…
    Spaces is where it’s at!
    I’m trying to upgrade bison
    I added array_column()
    Have you used Docker?
    Licensing in FOSS is important
    Let’s have a PGP key signing party!
    JavaScript is weird

  16. TABS VS SPACES

  17. PUSHED ME CLOSER TO INTERNALS

  19. OPEN SOURCE

  20. FACEBOOK PHP SDK

  21. FOSCO MAROTTO

  22. FACEBOOK HQ

  24. THE PR THAT CHANGED IT ALL

  27. SCOTT ARCISZEWSKI
    (AR - SIZ - ZU - SKI)

  30. SCOTT’S PR == INFOSEC FALLOUT

  31. I HAD A CHOICE
    OR

  32. CSPRNG
    WUT?

  33. CSPRNG
    WUT?

  34. CSPRNG
    mt_rand($min, $max);
    rand($min, $max);

  35. CSPRNG
    echo mt_rand(0, 42);
    11

  36. CSPRNG
    echo mt_rand(0, 42);
    7

  37. CSPRNG
    echo mt_rand(0, 42);
    39

  38. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

  39. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

  40. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

  41. CSPRNG
    rand(); mt_rand();
    AUTO SEEDING USING TIMESTAMP
    + A FEW OTHER VARIABLES

  42. CSPRNG’S USE BETTER SEEDS

  43. CSPRNG OPTIONS IN 5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random

  45. Why is CSPRNG so hard in PHP?

  46. SLOW DOWN SAMMY KAYE

  47. SUNSHINE PHP
    2015

  48. Why is CSPRNG so hard in PHP?

  49. Because no one’s made it easy.

  50. MAKE CSPRNG EASY

  51. I have NO idea what I’m doing!

  52. Start with user-land implementation

  53. github.com/SammyK/php-src-csprng

  54. ADD THREE NEW FUNCTIONS
    random_int($min, $max)
    random_bytes($bytes)
    random_hex($bytes)

  55. Vetted by infosec nerds, including…

  56. SCOTT

  57. ADD THREE NEW FUNCTIONS
    random_bytes($bytes)
    random_hex($bytes)
    random_int($min, $max)

  58. ADD THREE NEW FUNCTIONS
    two
    random_bytes($bytes)
    random_hex($bytes)
    random_int($min, $max)

  59. ADD THREE NEW FUNCTIONS
    two
    random_hex($bytes) === bin2hex(random_bytes($bytes))

  60. THE ACTUAL IMPLEMENTATION

  62. google!

  63. I DON’T ALWAYS COPY & PASTE
    BUT WHEN I DO…

  64. github.com/php/php-src/pull/191/files

  65. /ext/standard/basic_functions.c

  66. /ext/standard/base64.c

  67. COPY PASTE

  68. COMPILE TEST

  69. random
    bytes
    int
    min
    max
    ??
    ??
    ?
    ??!!

  70. ROOM 11

  71. segfault

  72. I have NO idea what I’m doing!
    random
    bytes
    int
    min
    max

  73. LEIGH
    LAST NAME?

  75. “Remember the Swedes”

  76. THE PROCESS
    (REQUEST FOR COMMENTS)

  77. [email protected]

  78. GET YOU SOME WIKI KARMA

  79. GET YOU SOME WIKI KARMA
    wiki.php.net

  80. GET YOU SOME WIKI KARMA
    [email protected]

  81. CREATE YOUR RFC
    wiki.php.net/rfc/howto

  82. ANNOUNCE YOUR RFC
    [email protected]

  83. WAIT FOR 2 WEEKS

  84. UNDER DISCUSSION

  85. ANNOUNCE THE VOTING PHASE
    [email protected]

  86. USUALLY 2 WEEKS

  88. sammyk.me/how-to-contribute-to-php-documentation

  89. THE PROCESS
    FIN

  90. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS

  91. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS

  92. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS

  93. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    x

  94. CHECKLIST
    RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    x
    PHP internals is scawy!

  95. Everyone is smarter than me - I’ll be a laughingstock!
    Everyone is mean - look at scalar type-hints drama!

  96. Let’s do this sh… stuff!

  99. …TWO WEEKS LATER

  104. MY JOURNEY TO THE CENTER OF
    IT’S LIKE EATING

  105. WHAT I LEARNED
    I don’t know what I’m doing!
    HOW FEATURES ARE ADDED TO PHP
    THE CULTURE OF PHP INTERNALS
    BETTER AT C & C++
    DEEPER UNDERSTANDING OF CSPRNG’S
    BINARY AND HEXADECIMAL NUMBER SYSTEMS
    HOW TO CONTRIBUTE TO THE PHP DOCS
    AND TONS MORE!

  106. I STILL have no idea what I’m doing!

  107. INTERNALS IS SCARY!
    http://saint-max.deviantart.com

  108. INTERNALS IS not SCARY!
    http://saint-max.deviantart.com

  109. LOVING COMMUNITY

  110. INTERNALS NEEDS YOU
    SOURCE
    BUGS
    WEBSITE
    TESTS

  111. INTERNALS USES TABS

  112. THANKS!
    SAMMY KAYE POWERS
    @SammyK
    SammyK.me
    Host of @PHPRoundtable
    @ChiPHPUG
    West Coast Swing
    Hire me! :)
    /talk/ad2c6