Upgrade to Pro — share decks privately, control downloads, hide ads and more …

My journey to the center of PHP - ZendCon 2016

Sammy Kaye Powers
October 20, 2016
Programming
1
400

My journey to the center of PHP - ZendCon 2016

"I don't know C!" is probably one of the most common excuses that we PHP nerds give for not contributing to PHP source. And top it off with all the overly-publicized drama surrounding the PHP internals mailing list, most user-land PHP developers don't want to touch PHP source with a ten foot pole.

In this talk, I tell my story of how a plain-old user-land PHP nerd who, "doesn't know C," found himself drawn to PHP internals like a bug to a light. I was meet with a lovely, helpful community of individuals who mentored me the whole way to making PHP better. This talk will encourage and inspire you to join me on an epic journey to the center of PHP.

PHP Roundtable: https://www.phproundtable.com/
Facebook PHP SDK: https://github.com/facebook/php-graph-sdk
CSPRNG: https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator
User-land implementation: https://github.com/SammyK/php-src-csprng
Password hash diff: https://github.com/php/php-src/pull/191/files
How to create an RFC: https://wiki.php.net/rfc/howto
CSPRNG RFC: https://wiki.php.net/rfc/easy_userland_csprng
HHVM port: https://github.com/facebook/hhvm/pull/5925

PHP source: https://github.com/php/php-src
Write tests for PHP source: http://qa.php.net/write-test.php
How to contribute to the docs: https://www.sammyk.me/how-to-contribute-to-php-documentation
Bugs: https://bugs.php.net/
PHP.net source: https://github.com/php/web-php

Sammy Kaye Powers

October 20, 2016
Tweet

More Decks by Sammy Kaye Powers

See All by Sammy Kaye Powers
Going Bare - Writing The Web Without A Framework - Longhorn PHP 2019
sammyk
1
940
Going bare - writing the web without a framework - php[world] 2018
sammyk
0
480
The Debug Dance - An Intro To Step Debugging - php[world] 2018
sammyk
0
1k
Let's get random: Under the hood of PHP 7's CSPRNG - ZendCon & OpenEnterprise 2018
sammyk
0
1.1k
The debug dance: An intro to step debugging - ZendCon & OpenEnterprise 2018
sammyk
1
310
Going Bare - Writing the web without a framework - Cascadia PHP 2018
sammyk
0
360
Let's Get Random - Under The Hood of PHP 7's CSPRNG - php[tek] 2018
sammyk
0
220
Writing Tests For PHP Source - ZendCon 2017
sammyk
1
1.2k
Going Bare - Writing the web without a framework - ZendCon 2017
sammyk
2
340

Other Decks in Programming

See All in Programming
ruby.wasmでブラウザを酷使してみよう / 2023-MatsueRubyKaigi
lnit
0
150
「ちょうどよい」フロントエンドアーキテクチャを求めて
ari_mharada
0
190
ZOZOTOWNアプリでのフルCompos実装取り組み事例
umsys
0
250
第3回 AWSとGitHub勉強会 - GitHub Actionsを使ったCI環境の構築 -
ogiwarat
0
170
Rediscover the joy of coding with Creative Coding
clown0082
0
110
The impact of API Platform on Open-Source
loic425
0
130
家庭用自律移動ロボット「カチャカ」の開発者API公開と ROS 2インターフェイス実装
youtalk
0
130
The PHP Revolution Is Underway: FrankenPHP 1.0 Beta
dunglas
1
9.6k
第1回 AWSとGitHub勉強会 - キックオフ -
ogiwarat
0
180
Context Window のお話
schroneko
1
160
VSCodeから一発でProxymanを起動する
kumamotone
0
130
Monorepo for Cloudflare Workers
peaceiris
0
120

Featured

See All Featured
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
26
5.5k
4 Signs Your Business is Dying
shpigford
172
21k
Automating Front-end Workflow
addyosmani
1354
200k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
112
17k
Faster Mobile Websites
deanohume
296
29k
Bash Introduction
62gerente
603
210k
What's new in Ruby 2.0
geeforr
336
30k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
657
120k
Six Lessons from altMBA
skipperchong
17
2.6k
Agile that works and the tools we love
rasmusluckow
323
20k
VelocityConf: Rendering Performance Case Studies
addyosmani
318
23k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
6
7.1k

Transcript

  1. O C T O B E R 2 0 T H , 2 0 1 6
    JOURNEY
    MY
    CENTER
    TO
    THE
    OF
    S A M M Y K A Y E P O W E R S
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  2. SCARY!
    INTERNALS IS
    http://saint-max.deviantart.com @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  3. I don’t know C!
    Internals is scary!
    I don’t know what I’m doing!

    View Slide

  4. BOOKS ON PHP 7 INTERNALS:
    @SammyK #zendcon2016 joind.in/talk/ad2c6
    THIS PAGE INTENTIONALLY LEFT BLANK

    View Slide

  5. BUBBLE
    MY
    1998-2013
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  6. LARACON
    2014
    NEW YORK
    PHP|TEK CHICAGO
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  7. PHP|TEK
    HACK-A-THON
    CONTRIBUTE TO PHP
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  8. I don’t know what I’m doing!
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  9. ELIZABETH
    SMITH
    DERICK
    RETHANS

    View Slide

  10. @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  11. ANTHONY
    FERRARA
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  12. CONTRIBUTION
    MY FIRST

    View Slide

  13. this is a table…
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  14. I love tabs!
    this is a table…
    Spaces is where it’s at! I’m trying to upgrade bison
    I added array_column()
    Have you used Docker?
    Licensing in FOSS is important
    Let’s have a PGP key signing party!
    JavaScript is weird

    View Slide

  15. I love tabs!
    this is a table…
    Spaces is where it’s at! I’m trying to upgrade bison
    I added array_column()
    Have you used Docker?
    Licensing in FOSS is important
    Let’s have a PGP key signing party!
    JavaScript is weird

    View Slide

  16. TABS
    SPACES
    VS

    View Slide

  17. CLOSER
    TO INTERNALS
    PUSHED ME

    View Slide

  18. View Slide

  19. OPEN
    SOURCE
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  20. PHP SDK
    FACEBOOK

    View Slide

  21. FOSCO
    MAROTTO
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  22. HQ
    FACEBOOK
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  23. View Slide

  24. CHANGED IT ALL
    THE PR THAT
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  25. View Slide

  26. View Slide

  27. SCOTT
    ARCISZEWSKI
    (AR - SIZ - ZU - SKI)
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  28. @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  29. @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  30. SCOTT’S PR
    INFOSEC FALLOUT
    ==
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  31. I HAD A CHOICE
    OR
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  32. CSPRNG
    WUT?
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  33. CSPRNG
    WUT?
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  34. CSPRNG
    mt_rand($min, $max);
    rand($min, $max);
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  35. CSPRNG
    echo mt_rand(0, 42);
    11

    View Slide

  36. CSPRNG
    echo mt_rand(0, 42);
    7

    View Slide

  37. CSPRNG
    echo mt_rand(0, 42);
    39

    View Slide

  38. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

    View Slide

  39. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

    View Slide

  40. CSPRNG
    mt_srand(10);
    echo mt_rand(0, 42);
    21

    View Slide

  41. rand(); mt_rand();
    AUTO SEEDING USING
    TIMESTAMP
    + A FEW OTHER VARIABLES
    CSPRNG
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  42. CSPRNG’S
    USE BETTER SEEDS
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  43. CSPRNG OPTIONS IN
    5.x
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/*random
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  44. View Slide

  45. Why is CSPRNG so hard in PHP?

    View Slide

  46. SLOW DOWN SAMMY KAYE

    View Slide

  47. SUNSHINE PHP
    2015
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  48. Why is CSPRNG so hard in PHP?

    View Slide

  49. Because no one’s made it easy.

    View Slide

  50. CSPRNG
    MAKE
    EASY

    View Slide

  51. I have NO idea what I’m doing!

    View Slide

  52. Start with user-land implementation

    View Slide

  53. github.com/SammyK/php-src-csprng

    View Slide

  54. THREE
    ADD NEW
    FUNCTIONS
    random_int($min, $max)
    random_bytes($bytes)
    random_hex($bytes)
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  55. Vetted by infosec nerds. including…

    View Slide

  56. SCOTT
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  57. THREE
    ADD NEW
    FUNCTIONS
    random_bytes($bytes)
    random_hex($bytes)
    random_int($min, $max)
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  58. THREE
    ADD NEW
    FUNCTIONS
    random_bytes($bytes)
    random_hex($bytes)
    random_int($min, $max)
    two
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  59. ADD NEW
    FUNCTIONS
    bin2hex(random_bytes($bytes))
    ===
    THREE
    two
    random_hex($bytes)
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  60. IMPLEMENTATION
    THE ACTUAL
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  61. View Slide

  62. google!

    View Slide

  63. COPY
    I DON’T ALWAYS
    PASTE
    &
    BUT WHEN I DO…

    View Slide

  64. github.com/php/php-src/pull/191/files

    View Slide

  65. /ext/standard/basic_functions.c

    View Slide

  66. /ext/standard/base64.c

    View Slide

  67. COPY PASTE
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  68. COMPILE TEST
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  69. random
    bytes
    int
    min
    max
    ??
    ??
    ?
    ??!!
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  70. ROOM 11
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  71. segfault
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  72. I have NO idea what I’m doing!
    random
    bytes
    int
    min
    max

    View Slide

  73. LEIGH
    LAST NAME?
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  74. @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  75. “Remember the Swedes”

    View Slide

  76. THE
    P R O C E S S
    (REQUEST FOR COMMENTS)
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  77. [email protected]
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  78. GET YOU SOME
    WIKI KARMA
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  79. GET YOU SOME WIKI KARMA
    wiki.php.net
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  80. GET YOU SOME WIKI KARMA
    [email protected]
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  81. YOUR RFC
    CREATE
    wiki.php.net/rfc/howto
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  82. YOUR RFC
    ANNOUNCE
    [email protected]
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  83. FOR 2 WEEKS
    WAIT
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  84. UNDER DISCUSSION
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  85. ANNOUNCE THE
    VOTING
    PHASE
    [email protected]
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  86. USUALLY 2 WEEKS
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  87. @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  88. sammyk.me/how-to-contribute-to-php-documentation
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  89. THE PROCESS
    @SammyK #zendcon2016 joind.in/talk/ad2c6
    FIN

    View Slide

  90. RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    CHECKLIST
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  91. RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    CHECKLIST

    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  92. RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    CHECKLIST


    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  93. RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    CHECKLIST


    x
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  94. RFC
    WORKING IMPLEMENTATION
    ANNOUNCE TO INTERNALS
    CHECKLIST


    x
    PHP internals is scawy!

    View Slide

  95. Everyone is smarter than
    me - I’ll be a laughingstock!
    Everyone is mean -
    look at scalar type-
    hints drama!

    View Slide

  96. Let’s do this sh… stuff!

    View Slide

  97. View Slide

  98. View Slide

  99. LATER
    …TWO WEEKS

    View Slide

  100. View Slide

  101. View Slide

  102. @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  103. @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  104. JOURNEY
    MY
    CENTER
    TO
    THE
    OF
    IT’S LIKE EATING
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  105. LEARNED
    WHAT I
    I don’t know what I’m doing!
    HOW
    FEATURES ARE ADDED TO
    PHP
    THE CULTURE OF PHP INTERNALS
    BETTER AT C & C++
    DEEPER UNDERSTANDING OF CSPRNG’S
    BINARY AND HEXADECIMAL NUMBER SYSTEMS
    HOW
    TO
    CONTRIBUTE TO
    THE PHP DOCS
    AND TONS MORE!

    View Slide

  106. I STILL have no idea what I’m doing!

    View Slide

  107. SCARY!
    INTERNALS IS
    http://saint-max.deviantart.com @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  108. SCARY!
    INTERNALS IS
    http://saint-max.deviantart.com
    not
    ^
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  109. COMMUNITY
    LOVING
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  110. I N T E R N A L S N E E D S
    YOU SOURCE
    BUGS WEBSITE
    TESTS
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  111. TABS
    INTERNALS USES
    @SammyK #zendcon2016 joind.in/talk/ad2c6

    View Slide

  112. THANKS!
    SAMMY KAYE POWERS
    @SammyK
    SammyK.me
    Host of @PHPRoundtable
    @ChiPHPUG
    West Coast Swing
    Hire me! :)
    /talk/ad2c6

    View Slide