Me: I'd like a hex table, please.

Google: Do you mean this random English village?

Me: I'd like an ascii table, please.

For the past few days, I have been benchmarking and studying HTTP routers, and in the process, I have rewritten hhvm/hack-router in PHP ( ), added some optimizations, and managed to beat both FastRoute and Symfony Routing.

Blog post soon.

Ya know, I'mma be honest... Composer users follow a really nice, respectable upgrade cycle.

Y'all on it pretty sharp there... Even ya stragglers....

Reassembling my workspace in the brand new bedroom I've built out in my basement. The office managers have reported for duty and are watching over me intently.

What does this output (under PFA implementation)?

var_dump(?, 2)(?, 3)(?, 4, 5)(?, 6)(1);

Discussing partial function application over the past week:

Email to security@: Did you guys know you have phpinfo output accessible on your websites?

Me: Yes. It's on purpose. We're an open source project and we believe in transparency.

Email (smugly): Hah! But you probably don't realize your entire git repo is visible!

Me: What, you mean these? <links to github where all sites' sources live>


The first email is forgivable, even appreciation worthy, as it looks like a common vulnerability.

Once you've been told it's not though.... eh?

PHP: Don't try to write a clever regex to validate email addresses, the range of valid addresses is far far wider than you could possibly imagine. Just don't.

Also PHP:

Trying to make an April Fool's joke about the git compromise and I just can't bring myself to do it. It's too soon, man.

Pay attention corporations. This is how you preserve trust in a situation where you're inevitably going to lose some. Just treat everyone involved like a fucking adult and take your slaps on the wrist.

We fucked up by trying to maintain our own infra without the resources to do it right. We admitted that mistake to ourselves first, then to the public, and we're acting to fix the underlying problems (including some that weren't an issue yet, but could become ones).


I feel like I need to do a video on this breach event.

A little on the breach itself, 'cause that's probably interesting, but mostly on the way it's disclosed and responded to.

We publicly announced pretty quickly by any measure and have been pretty transparent so far (more transparency coming soon) and the response has been mostly "Fuck that sucks, thanks for working to fix it" rather than "POOF THAT PHP IS TEH SUX". There's some of that, but precious little.

Fuck, man. Not gonna lie. I'm shook. I just want to curl up and lick my wounds awhile, but there's shit to do. Fuck.

This one even got my wife laughing out loud.

There's too much text to put it in the mouse over, so I've pasted it to gist for the screen reader inclined.

PHP internals devs: ** Discover funky internal behavior of a PHP userspace function.

Dev 1: Wait... what?
Dev 2: /facepalm
Dev 3: No, it really does do that.
Dev 1: So, an entirely typical PHP function then.

How to be an entitled asshole towards the people who make the thing you make money off of for free:

"They": There's no such thing as a bad idea.


As always, identities have been changed to protect the stupid.

PHP Community on Mastodon

Open source. Open community. We are dedicated to building and enriching the PHP community.