My journey to the center of PHP - ZendCon 2016

Transcript

1. O C T O B E R 2 0 T

   H , 2 0 1 6 JOURNEY MY CENTER TO THE OF S A M M Y K A Y E P O W E R S @SammyK #zendcon2016 joind.in/talk/ad2c6

2. SCARY! INTERNALS IS http://saint-max.deviantart.com @SammyK #zendcon2016 joind.in/talk/ad2c6

3. I don’t know C! Internals is scary! I don’t know

   what I’m doing!

4. BOOKS ON PHP 7 INTERNALS: @SammyK #zendcon2016 joind.in/talk/ad2c6 THIS PAGE

   INTENTIONALLY LEFT BLANK

5. BUBBLE MY 1998-2013 @SammyK #zendcon2016 joind.in/talk/ad2c6

6. LARACON 2014 NEW YORK PHP|TEK CHICAGO @SammyK #zendcon2016 joind.in/talk/ad2c6

7. PHP|TEK HACK-A-THON CONTRIBUTE TO PHP @SammyK #zendcon2016 joind.in/talk/ad2c6

8. I don’t know what I’m doing! @SammyK #zendcon2016 joind.in/talk/ad2c6

9. ELIZABETH SMITH DERICK RETHANS

10. @SammyK #zendcon2016 joind.in/talk/ad2c6

11. ANTHONY FERRARA @SammyK #zendcon2016 joind.in/talk/ad2c6

12. CONTRIBUTION MY FIRST

13. this is a table… @SammyK #zendcon2016 joind.in/talk/ad2c6

14. I love tabs! this is a table… Spaces is where

    it’s at! I’m trying to upgrade bison I added array_column() Have you used Docker? Licensing in FOSS is important Let’s have a PGP key signing party! JavaScript is weird

15. I love tabs! this is a table… Spaces is where

    it’s at! I’m trying to upgrade bison I added array_column() Have you used Docker? Licensing in FOSS is important Let’s have a PGP key signing party! JavaScript is weird

16. TABS SPACES VS

17. CLOSER TO INTERNALS PUSHED ME

18. None

19. OPEN SOURCE @SammyK #zendcon2016 joind.in/talk/ad2c6

20. PHP SDK FACEBOOK

21. FOSCO MAROTTO @SammyK #zendcon2016 joind.in/talk/ad2c6

22. HQ FACEBOOK @SammyK #zendcon2016 joind.in/talk/ad2c6

23. None

24. CHANGED IT ALL THE PR THAT @SammyK #zendcon2016 joind.in/talk/ad2c6

25. None
26. None

27. SCOTT ARCISZEWSKI (AR - SIZ - ZU - SKI) @SammyK

    #zendcon2016 joind.in/talk/ad2c6

28. @SammyK #zendcon2016 joind.in/talk/ad2c6

29. @SammyK #zendcon2016 joind.in/talk/ad2c6

30. SCOTT’S PR INFOSEC FALLOUT == @SammyK #zendcon2016 joind.in/talk/ad2c6

31. I HAD A CHOICE OR @SammyK #zendcon2016 joind.in/talk/ad2c6

32. CSPRNG WUT? @SammyK #zendcon2016 joind.in/talk/ad2c6

33. CSPRNG WUT? @SammyK #zendcon2016 joind.in/talk/ad2c6

34. CSPRNG mt_rand($min, $max); rand($min, $max); @SammyK #zendcon2016 joind.in/talk/ad2c6

35. CSPRNG echo mt_rand(0, 42); 11

36. CSPRNG echo mt_rand(0, 42); 7

37. CSPRNG echo mt_rand(0, 42); 39

38. CSPRNG mt_srand(10); echo mt_rand(0, 42); 21

39. CSPRNG mt_srand(10); echo mt_rand(0, 42); 21

40. CSPRNG mt_srand(10); echo mt_rand(0, 42); 21

41. rand(); mt_rand(); AUTO SEEDING USING TIMESTAMP + A FEW OTHER

    VARIABLES CSPRNG @SammyK #zendcon2016 joind.in/talk/ad2c6

42. CSPRNG’S USE BETTER SEEDS @SammyK #zendcon2016 joind.in/talk/ad2c6

43. CSPRNG OPTIONS IN 5.x openssl_random_pseudo_bytes() mcrypt_create_iv() /dev/*random @SammyK #zendcon2016 joind.in/talk/ad2c6

44. None

45. Why is CSPRNG so hard in PHP?

46. SLOW DOWN SAMMY KAYE

47. SUNSHINE PHP 2015 @SammyK #zendcon2016 joind.in/talk/ad2c6

48. Why is CSPRNG so hard in PHP?

49. Because no one’s made it easy.

50. CSPRNG MAKE EASY

51. I have NO idea what I’m doing!

52. Start with user-land implementation

53. github.com/SammyK/php-src-csprng

54. THREE ADD NEW FUNCTIONS random_int($min, $max) random_bytes($bytes) random_hex($bytes) @SammyK #zendcon2016

    joind.in/talk/ad2c6

55. Vetted by infosec nerds. including…

56. SCOTT @SammyK #zendcon2016 joind.in/talk/ad2c6

57. THREE ADD NEW FUNCTIONS random_bytes($bytes) random_hex($bytes) random_int($min, $max) @SammyK #zendcon2016

    joind.in/talk/ad2c6

58. THREE ADD NEW FUNCTIONS random_bytes($bytes) random_hex($bytes) random_int($min, $max) two @SammyK

    #zendcon2016 joind.in/talk/ad2c6

59. ADD NEW FUNCTIONS bin2hex(random_bytes($bytes)) === THREE two random_hex($bytes) @SammyK #zendcon2016

    joind.in/talk/ad2c6

60. IMPLEMENTATION THE ACTUAL @SammyK #zendcon2016 joind.in/talk/ad2c6

61. None

62. google!

63. COPY I DON’T ALWAYS PASTE & BUT WHEN I DO…

64. github.com/php/php-src/pull/191/files

65. /ext/standard/basic_functions.c

66. /ext/standard/base64.c

67. COPY PASTE @SammyK #zendcon2016 joind.in/talk/ad2c6

68. COMPILE TEST @SammyK #zendcon2016 joind.in/talk/ad2c6

69. random bytes int min max ?? ?? ? ??!! @SammyK

    #zendcon2016 joind.in/talk/ad2c6

70. ROOM 11 @SammyK #zendcon2016 joind.in/talk/ad2c6

71. segfault @SammyK #zendcon2016 joind.in/talk/ad2c6

72. I have NO idea what I’m doing! random bytes int

    min max

73. LEIGH LAST NAME? @SammyK #zendcon2016 joind.in/talk/ad2c6

74. @SammyK #zendcon2016 joind.in/talk/ad2c6

75. “Remember the Swedes”

76. THE P R O C E S S (REQUEST FOR

    COMMENTS) @SammyK #zendcon2016 joind.in/talk/ad2c6

77. [email protected] @SammyK #zendcon2016 joind.in/talk/ad2c6

78. GET YOU SOME WIKI KARMA @SammyK #zendcon2016 joind.in/talk/ad2c6

79. GET YOU SOME WIKI KARMA wiki.php.net @SammyK #zendcon2016 joind.in/talk/ad2c6

80. GET YOU SOME WIKI KARMA [email protected] @SammyK #zendcon2016 joind.in/talk/ad2c6

81. YOUR RFC CREATE wiki.php.net/rfc/howto @SammyK #zendcon2016 joind.in/talk/ad2c6

82. YOUR RFC ANNOUNCE [email protected] @SammyK #zendcon2016 joind.in/talk/ad2c6

83. FOR 2 WEEKS WAIT @SammyK #zendcon2016 joind.in/talk/ad2c6

84. UNDER DISCUSSION @SammyK #zendcon2016 joind.in/talk/ad2c6

85. ANNOUNCE THE VOTING PHASE [email protected] @SammyK #zendcon2016 joind.in/talk/ad2c6

86. USUALLY 2 WEEKS @SammyK #zendcon2016 joind.in/talk/ad2c6

87. @SammyK #zendcon2016 joind.in/talk/ad2c6

88. sammyk.me/how-to-contribute-to-php-documentation @SammyK #zendcon2016 joind.in/talk/ad2c6

89. THE PROCESS @SammyK #zendcon2016 joind.in/talk/ad2c6 FIN

90. RFC WORKING IMPLEMENTATION ANNOUNCE TO INTERNALS CHECKLIST @SammyK #zendcon2016 joind.in/talk/ad2c6

91. RFC WORKING IMPLEMENTATION ANNOUNCE TO INTERNALS CHECKLIST ✓ @SammyK #zendcon2016

    joind.in/talk/ad2c6

92. RFC WORKING IMPLEMENTATION ANNOUNCE TO INTERNALS CHECKLIST ✓ ✓ @SammyK

    #zendcon2016 joind.in/talk/ad2c6

93. RFC WORKING IMPLEMENTATION ANNOUNCE TO INTERNALS CHECKLIST ✓ ✓ x

    @SammyK #zendcon2016 joind.in/talk/ad2c6

94. RFC WORKING IMPLEMENTATION ANNOUNCE TO INTERNALS CHECKLIST ✓ ✓ x

    PHP internals is scawy!

95. Everyone is smarter than me - I’ll be a laughingstock!

    Everyone is mean - look at scalar type- hints drama!

96. Let’s do this sh… stuff!

97. None
98. None

99. LATER …TWO WEEKS

100. None
101. None

102. @SammyK #zendcon2016 joind.in/talk/ad2c6

103. @SammyK #zendcon2016 joind.in/talk/ad2c6

104. JOURNEY MY CENTER TO THE OF IT’S LIKE EATING @SammyK

     #zendcon2016 joind.in/talk/ad2c6

105. LEARNED WHAT I I don’t know what I’m doing! HOW

     FEATURES ARE ADDED TO PHP THE CULTURE OF PHP INTERNALS BETTER AT C & C++ DEEPER UNDERSTANDING OF CSPRNG’S BINARY AND HEXADECIMAL NUMBER SYSTEMS HOW TO CONTRIBUTE TO THE PHP DOCS AND TONS MORE!

106. I STILL have no idea what I’m doing!

107. SCARY! INTERNALS IS http://saint-max.deviantart.com @SammyK #zendcon2016 joind.in/talk/ad2c6

108. SCARY! INTERNALS IS http://saint-max.deviantart.com not ^ @SammyK #zendcon2016 joind.in/talk/ad2c6

109. COMMUNITY LOVING @SammyK #zendcon2016 joind.in/talk/ad2c6

110. I N T E R N A L S N

     E E D S YOU SOURCE BUGS WEBSITE TESTS @SammyK #zendcon2016 joind.in/talk/ad2c6

111. TABS INTERNALS USES @SammyK #zendcon2016 joind.in/talk/ad2c6

112. THANKS! SAMMY KAYE POWERS @SammyK SammyK.me Host of @PHPRoundtable @ChiPHPUG

     West Coast Swing Hire me! :) /talk/ad2c6