My journey to the center of PHP - ZendCon 2016

"I don't know C!" is probably one of the most common excuses that we PHP nerds give for not contributing to PHP source. And to top it off, with all the overly publicized drama surrounding the PHP internals mailing list, most user-land PHP developers don't want to touch PHP source with a ten-foot pole.

In this talk, I tell my story of how a plain-old user-land PHP nerd who "doesn't know C" found himself drawn to PHP internals like a bug to a light. I was met with a lovely, helpful community of individuals who mentored me the whole way to making PHP better. This talk will encourage and inspire you to join me on an epic journey to the center of PHP.

PHP Roundtable: https://www.phproundtable.com/
Facebook PHP SDK: https://github.com/facebook/php-graph-sdk
CSPRNG: https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator
User-land implementation: https://github.com/SammyK/php-src-csprng
Password hash diff: https://github.com/php/php-src/pull/191/files
How to create an RFC: https://wiki.php.net/rfc/howto
CSPRNG RFC: https://wiki.php.net/rfc/easy_userland_csprng
HHVM port: https://github.com/facebook/hhvm/pull/5925

PHP source: https://github.com/php/php-src
Write tests for PHP source: http://qa.php.net/write-test.php
How to contribute to the docs: https://www.sammyk.me/how-to-contribute-to-php-documentation
Bugs: https://bugs.php.net/
PHP.net source: https://github.com/php/web-php

Sammy Kaye Powers

October 20, 2016
Transcript

  1. OCTOBER 20TH, 2016 MY JOURNEY TO THE CENTER OF PHP SAMMY KAYE POWERS @SammyK #zendcon2016 joind.in/talk/ad2c6
  2. INTERNALS IS SCARY! http://saint-max.deviantart.com
  3. I don’t know C! Internals is scary! I don’t know what I’m doing!
  4. BOOKS ON PHP 7 INTERNALS: THIS PAGE INTENTIONALLY LEFT BLANK
  5. MY BUBBLE 1998-2013
  6. LARACON 2014 NEW YORK PHP|TEK CHICAGO
  7. PHP|TEK HACK-A-THON CONTRIBUTE TO PHP
  8. I don’t know what I’m doing!
  9. ELIZABETH SMITH DERICK RETHANS
  10. None
  11. ANTHONY FERRARA
  12. MY FIRST CONTRIBUTION
  13. this is a table…
  14. I love tabs! this is a table… Spaces is where it’s at! I’m trying to upgrade bison I added array_column() Have you used Docker? Licensing in FOSS is important Let’s have a PGP key signing party! JavaScript is weird
  15. I love tabs! this is a table… Spaces is where it’s at! I’m trying to upgrade bison I added array_column() Have you used Docker? Licensing in FOSS is important Let’s have a PGP key signing party! JavaScript is weird
  16. TABS VS SPACES
  17. PUSHED ME CLOSER TO INTERNALS
  18. None
  19. OPEN SOURCE
  20. FACEBOOK PHP SDK
  21. FOSCO MAROTTO
  22. FACEBOOK HQ
  23. None
  24. THE PR THAT CHANGED IT ALL
  25. None
  26. None
  27. SCOTT ARCISZEWSKI (AR - SIZ - ZU - SKI)
  28. None
  29. None
  30. SCOTT’S PR == INFOSEC FALLOUT
  31. I HAD A CHOICE OR
  32. CSPRNG WUT?
  33. CSPRNG WUT?
  34. CSPRNG mt_rand($min, $max); rand($min, $max);
  35. CSPRNG echo mt_rand(0, 42); 11
  36. CSPRNG echo mt_rand(0, 42); 7
  37. CSPRNG echo mt_rand(0, 42); 39
  38. CSPRNG mt_srand(10); echo mt_rand(0, 42); 21
  39. CSPRNG mt_srand(10); echo mt_rand(0, 42); 21
  40. CSPRNG mt_srand(10); echo mt_rand(0, 42); 21
  41. CSPRNG rand(); mt_rand(); AUTO SEEDING USING TIMESTAMP + A FEW OTHER VARIABLES
  42. CSPRNG’S USE BETTER SEEDS
  43. CSPRNG OPTIONS IN 5.x openssl_random_pseudo_bytes() mcrypt_create_iv() /dev/*random
  44. None
  45. Why is CSPRNG so hard in PHP?
  46. SLOW DOWN SAMMY KAYE
  47. SUNSHINE PHP 2015
  48. Why is CSPRNG so hard in PHP?
  49. Because no one’s made it easy.
  50. MAKE CSPRNG EASY
  51. I have NO idea what I’m doing!
  52. Start with user-land implementation
  53. github.com/SammyK/php-src-csprng
  54. ADD THREE NEW FUNCTIONS random_int($min, $max) random_bytes($bytes) random_hex($bytes)
  55. Vetted by infosec nerds. including…
  56. SCOTT
  57. ADD THREE NEW FUNCTIONS random_bytes($bytes) random_hex($bytes) random_int($min, $max)
  58. ADD THREE two NEW FUNCTIONS random_bytes($bytes) random_hex($bytes) random_int($min, $max)
  59. ADD THREE two NEW FUNCTIONS bin2hex(random_bytes($bytes)) === random_hex($bytes)
  60. THE ACTUAL IMPLEMENTATION
  61. None
  62. google!
  63. I DON’T ALWAYS COPY & PASTE BUT WHEN I DO…
  64. github.com/php/php-src/pull/191/files
  65. /ext/standard/basic_functions.c
  66. /ext/standard/base64.c
  67. COPY PASTE
  68. COMPILE TEST
  69. random bytes int min max ?? ?? ? ??!!
  70. ROOM 11
  71. segfault
  72. I have NO idea what I’m doing! random bytes int min max
  73. LEIGH LAST NAME?
  74. None
  75. “Remember the Swedes”
  76. THE PROCESS (REQUEST FOR COMMENTS)
  77. INTERNALS@LISTS.PHP.NET
  78. GET YOU SOME WIKI KARMA
  79. GET YOU SOME WIKI KARMA wiki.php.net
  80. GET YOU SOME WIKI KARMA INTERNALS@LISTS.PHP.NET
  81. CREATE YOUR RFC wiki.php.net/rfc/howto
  82. ANNOUNCE YOUR RFC INTERNALS@LISTS.PHP.NET
  83. WAIT FOR 2 WEEKS
  84. UNDER DISCUSSION
  85. ANNOUNCE THE VOTING PHASE INTERNALS@LISTS.PHP.NET
  86. USUALLY 2 WEEKS
  87. None
  88. sammyk.me/how-to-contribute-to-php-documentation
  89. THE PROCESS FIN
  90. CHECKLIST: RFC, WORKING IMPLEMENTATION, ANNOUNCE TO INTERNALS
  91. CHECKLIST: RFC ✓, WORKING IMPLEMENTATION, ANNOUNCE TO INTERNALS
  92. CHECKLIST: RFC ✓, WORKING IMPLEMENTATION ✓, ANNOUNCE TO INTERNALS
  93. CHECKLIST: RFC ✓, WORKING IMPLEMENTATION ✓, ANNOUNCE TO INTERNALS x
  94. CHECKLIST: RFC ✓, WORKING IMPLEMENTATION ✓, ANNOUNCE TO INTERNALS x PHP internals is scawy!
  95. Everyone is smarter than me - I’ll be a laughingstock! Everyone is mean - look at scalar type-hints drama!
  96. Let’s do this sh… stuff!
  97. None
  98. None
  99. …TWO WEEKS LATER
  100. None
  101. None
  102. None
  103. None
  104. MY JOURNEY TO THE CENTER OF PHP: IT’S LIKE EATING
  105. WHAT I LEARNED: I don’t know what I’m doing! HOW FEATURES ARE ADDED TO PHP; THE CULTURE OF PHP INTERNALS; BETTER AT C & C++; DEEPER UNDERSTANDING OF CSPRNG’S; BINARY AND HEXADECIMAL NUMBER SYSTEMS; HOW TO CONTRIBUTE TO THE PHP DOCS; AND TONS MORE!
  106. I STILL have no idea what I’m doing!
  107. INTERNALS IS SCARY! http://saint-max.deviantart.com
  108. INTERNALS IS ^not SCARY! http://saint-max.deviantart.com
  109. LOVING COMMUNITY
  110. INTERNALS NEEDS YOU SOURCE BUGS WEBSITE TESTS
  111. INTERNALS USES TABS
  112. THANKS! SAMMY KAYE POWERS @SammyK SammyK.me Host of @PHPRoundtable @ChiPHPUG West Coast Swing Hire me! :) /talk/ad2c6