Me: I'd like a hex table, please.
Google: Do you mean this random English village? https://en.wikipedia.org/wiki/Hextable
Me: I'd like an ascii table, please.
For the past few days, I have been benchmarking and studying HTTP routers, and in the process I have rewritten hhvm/hack-router in PHP (https://github.com/azjezz/hack-routing), added some optimizations, and managed to beat both FastRoute and Symfony Routing.
Blog post soon.
Ya know, I'mma be honest... Composer users follow a really nice, respectable upgrade cycle.
Y'all on it pretty sharp there... Even ya stragglers....
What does this output (under PFA implementation)?
var_dump(?, 2)(?, 3)(?, 4, 5)(?, 6)(1);
Email to security@: Did you guys know you have phpinfo output accessible on your websites?
Me: Yes. It's on purpose. We're an open source project and we believe in transparency.
Email (smugly): Hah! But you probably don't realize your entire git repo is visible!
Me: What, you mean these? <links to github where all php.net sites' sources live>
The first email is forgivable, even appreciation worthy, as it looks like a common vulnerability.
Once you've been told it's not though.... eh?
PHP: Don't try to write a clever regex to validate email addresses, the range of valid addresses is far far wider than you could possibly imagine. Just don't.
Pay attention corporations. This is how you preserve trust in a situation where you're inevitably going to lose some. Just treat everyone involved like a fucking adult and take your slaps on the wrist.
We fucked up by trying to maintain our own infra without the resources to do it right. We admitted that mistake to ourselves first, then to the public, and we're acting to fix the underlying problems (including some that weren't an issue yet, but could become ones).
I feel like I need to do a video on this breach event.
A little on the breach itself, 'cause that's probably interesting, but mostly on the way it's disclosed and responded to.
We publicly announced pretty quickly by any measure and have been pretty transparent so far (more transparency coming soon) and the response has been mostly "Fuck that sucks, thanks for working to fix it" rather than "POOF THAT PHP IS TEH SUX". There's some of that, but precious little.
This one even got my wife laughing out loud.
There's too much text to put it in the mouse over, so I've pasted it to gist for the screen reader inclined.
Just.... everything about this.
How to be an entitled asshole towards the people who make the thing you make money off of for free: https://bugs.php.net/bug.php?id=80877
"They": There's no such thing as a bad idea.
The Internet: CHALLENGE ACCEPTED. https://externals.io/message/113504