rdlowrey

Keybase proof

I hereby claim:

• I am rdlowrey on github.
• I am rdlowrey (https://keybase.io/rdlowrey) on keybase.
• I have a public key ASBeQKDHmLVbYmkyKlQ5gtlC1y41gcvv-rSB4tYjNJBqago

To claim this, I am signing this object:

rdlowrey

Keybase proof

I hereby claim:

• I am rdlowrey on github.
• I am dlowrey (https://keybase.io/dlowrey) on keybase.
• I have a public key whose fingerprint is BA24 A9CC 19EE 0EBA 2078 1F9F AEE1 B63D FC9D 0D88

To claim this, I am signing this object:

rdlowrey

<?php

function myHttpHandler(Request $request, Response $response) {
    // async function that returns a promise
    // we use yield to wait for that promise to resolve then resume here
    // if there's some kind of error it will be thrown into our generator
    $session = yield loadSessionFromRequest($request);
    
    if ($session->hasValue('isLoggedIn')) {
        // pass the individual promises from generateHttpBody() through using `yield from`

rdlowrey

<?php
function countCpuCores() {
    $os = (stripos(PHP_OS, "WIN") === 0) ? "win" : strtolower(trim(shell_exec("uname")));
    switch ($os) {
        case "win":
            $cmd = "wmic cpu get NumberOfCores";
            break;
        case "linux":
            $cmd = "cat /proc/cpuinfo | grep processor | wc -l";
            break;

rdlowrey

<?php
$ch = curl_init();

// 1: only verify that the peer cert HAS a name field
// 2: verify that the name ACTUALLY matches the domain you connected to
// true: cast to 1
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true);

// Mercifully the newest versions of libcurl now disable 1 for this setting.
// This is a prime example of undetectable scalar conversion catastrophe.

rdlowrey

/*
$ npm install request
$ node bench.js
*/

var request = require('request');
var url = 'http://www.google.com';
var total_requests = 100;

var i;

rdlowrey

<?php

/**
 * Remove dot segments from a URI path according to RFC3986 Section 5.2.4
 * 
 * @param $path
 * @return string
 * @link http://www.ietf.org/rfc/rfc3986.txt
 */
function removeDotPathSegments($path) {

rdlowrey

[RFC] TLS Peer Verification

• Verify peer certificates in client streams by default
• Use operating system managed default cert stores if not otherwise specified
• Windows is still an issue as it uses different cert format (I'm working on it)

[RFC] Improved TLS Defaults

• Makes everything SSL/TLS more secure without any user knowledge required
• Vastly improved support for encrypted stream servers (a-la node.js)

rdlowrey

<?php

// Connect asynchronously (new constant for bitwise arg 2: PGSQL_CONNECT_ASYNC)
if (!$db = pg_connect($conn_str, PGSQL_CONNECT_ASYNC)) {
    echo "pg_connect() error\n";
} elseif (pg_connection_status($db) === PGSQL_CONNECTION_BAD) {
    echo "pg_connect() error\n";
} elseif (!$stream = pg_socket($db)) {
    echo "pg_socket() error\n";
}

rdlowrey

PHP disables SSL/TLS peer verification by default. While this design decision significantly simplifies encrypted HTTP retrieval, it also means your transfers are totally vulnerable to Man-in-the-Middle attacks. To fully secure our transfers we need to verify that the party at the other end of our transfer is actually who they say they are.

To accomplish this we need two things:

1. A CA file (in .PEM format) so we can tell openssl which certificate authorities we trust
2. A stream context that specifies this CA file and instructs openssl to verify the other party

We can easily obtain the same CA file (direct link to .pem file) used by the Mozilla Foundation (the exact one cURL uses, BTW). This file is usually updated a handful of times each year and it's important to keep your CA file up-to-date or you risk trusting certificate authorities that are known to be insecure/unsafe. This kind of thing doesn't happen often, but it's important to upd