[PHP-DEV] Re: internals Digest 3 Feb 2017 23:56:52 -0000 Issue 4435

Hi Nikita, OK I understand you are with Andrey. On Sun, Feb 5, 2017 at 7:21 AM, Nikita Popov wrote: > Suggesting to drop the length parameter from HKDF... Okay, that's where I > draw the line. I've had enough of this farce. I've configured gmail to > blackhole your mails

[PHP-DEV] Re: internals Digest 3 Feb 2017 23:56:52 -0000 Issue 4435

On Sat, Feb 4, 2017 at 10:37 PM, Yasuo Ohgaki wrote: > Hi Andrey, > > On Sun, Feb 5, 2017 at 6:19 AM, Andrey Andreev wrote: > >> On Sat, Feb 4, 2017 at 10:27 PM, Yasuo Ohgaki wrote: >> >>> Hi Andrey, >>> >>> On Sun, Feb 5, 2017 at 3:21

[PHP-DEV] Re: internals Digest 3 Feb 2017 23:56:52 -0000 Issue 4435

Hi Andrey, On Sun, Feb 5, 2017 at 6:19 AM, Andrey Andreev wrote: > On Sat, Feb 4, 2017 at 10:27 PM, Yasuo Ohgaki wrote: > >> Hi Andrey, >> >> On Sun, Feb 5, 2017 at 3:21 AM, Andrey Andreev wrote: >> >>> Have *you* read anything else in

Re: [PHP-DEV] Re: [RFC][Discuss] Arrow Functions

> And then there's the extra typing and visual space taken up, which is not > something to dismiss entirely. Also, as someone else mentioned this syntax > *seems* like it would support nesting. Compare the following: > > $x = function($a) => function($b) => function($c) => $a * $b * $c; > $y =

[PHP-DEV] Re: internals Digest 3 Feb 2017 23:56:52 -0000 Issue 4435

Hi again, On Sat, Feb 4, 2017 at 10:27 PM, Yasuo Ohgaki wrote: > Hi Andrey, > > On Sun, Feb 5, 2017 at 3:21 AM, Andrey Andreev wrote: > >> Have *you* read anything else in the RFC? >> >> The reason why its authors have to recommend salt usage is because it

Re: [PHP-DEV] Re: [RFC][Discuss] Arrow Functions

2017-02-04 21:49 GMT+01:00 Larry Garfield : > On 02/03/2017 11:53 AM, Levi Morrison wrote: > >> >> Thanks to everyone who has participated in the discussion thus far. >>> Primarily the feedback has been directed at the `fn` keyword. Let me >>> provide two benefits and

[PHP-DEV] Re: internals Digest 3 Feb 2017 23:56:52 -0000 Issue 4435

On Sun, Feb 5, 2017 at 5:27 AM, Yasuo Ohgaki wrote: > 2) Use 1) as ikm and "salt" to generate key (NOTE: One of the best place > for salt storage is $_ENV) BTW, better place to keep these secret values is to set key management server and get key from it. Secure the key

Re: [PHP-DEV] [Discussion] HKDF

On Sun, Feb 5, 2017 at 2:56 AM, Andrey Andreev wrote: > On Sat, Feb 4, 2017 at 8:29 AM, Yasuo Ohgaki wrote: > >> >> >> I will change my mind if there is convincing logical >> reason(s) not to do this. I suppose there isn't. >> > > Not only are you ignoring

Re: [PHP-DEV] Re: [RFC][Discuss] Arrow Functions

On 02/03/2017 11:53 AM, Levi Morrison wrote: Thanks to everyone who has participated in the discussion thus far. Primarily the feedback has been directed at the `fn` keyword. Let me provide two benefits and drawbacks of using `fn` as a keyword: 1. `fn` is searchable in search engines and

[PHP-DEV] Re: internals Digest 3 Feb 2017 23:56:52 -0000 Issue 4435

Hi Andrey, On Sun, Feb 5, 2017 at 3:21 AM, Andrey Andreev wrote: > Have *you* read anything else in the RFC? > > The reason why its authors have to recommend salt usage is because it is > *otherwise the only optional part of the algorithm*. > Nonsense. You misread the RFC and

[PHP-DEV] Re: internals Digest 3 Feb 2017 23:56:52 -0000 Issue 4435

Hi, On Sat, Feb 4, 2017 at 7:49 PM, Yasuo Ohgaki wrote: > > On Sun, Feb 5, 2017 at 1:20 AM, Tom Worster wrote: > >> On 3 Feb 2017, at 18:56, internals-digest-h...@lists.php.net wrote: >> >> HKDF w/o salt is OK, but with salt, it's much stronger than w/o it.

Re: [PHP-DEV] [RFC][Discuss] Arrow Functions

> I personally don’t see a huge use for this in my own work actually, I’m just > trying to make sure that something I will likely have to live with from > *other* developers isn’t impossible to read, that’s all. But I agree that > most people seem focussed on the actual syntax. Well, I do. We

[PHP-DEV] Re: internals Digest 3 Feb 2017 23:56:52 -0000 Issue 4435

On Sun, Feb 5, 2017 at 2:49 AM, Yasuo Ohgaki wrote: > There is something like a weird pattern to your attempts to help PHP >> programmers use the wrong function for the job -- HKDF for passwords, >> uniqid and mt_rand for unpredictable randoms. >> > > Do you know uniqid()'s

Re: [PHP-DEV] [Discussion] HKDF

Hi, On Sat, Feb 4, 2017 at 8:29 AM, Yasuo Ohgaki wrote: > > > I will change my mind if there is convincing logical > reason(s) not to do this. I suppose there isn't. > Not only are you ignoring everybody else's arguments, but also behaving like PHP is your own personal

Re: [PHP-DEV] [Discussion] HKDF

Hi, On Sat, Feb 4, 2017 at 1:01 AM, Yasuo Ohgaki wrote: > Did everyone understand why I propose salt as required parameter and > specify optional salt explicitly? > > I did, and I disagreed. > HKDF w/o salt is OK, but with salt, it's much stronger than w/o it. > In

[PHP-DEV] Re: internals Digest 3 Feb 2017 23:56:52 -0000 Issue 4435

On Sun, Feb 5, 2017 at 1:20 AM, Tom Worster wrote: > On 3 Feb 2017, at 18:56, internals-digest-h...@lists.php.net wrote: > > HKDF w/o salt is OK, but with salt, it's much stronger than w/o it. >> > > That's not correct. > > The salt defends against certain attacks on predictable

Re: [PHP-DEV] [RFC][Discuss] Arrow Functions

Hi Ilija, > On 4 Feb 2017, at 23:19, ilija.tov...@me.com wrote: > > Hey Stephen > >> You’re really starting to lose me now. You want types but don’t want to >> define them, and you’re somehow mixing phpdoc into this. > > Because we use PHPDoc to provide type hints to the IDE where PHP

Re: [PHP-DEV] [RFC] [VOTE] Libsodium as a core extension in PHP 7.2

On Sat, Feb 4, 2017 at 11:16 AM, Nikita Popov wrote: > On Fri, Feb 3, 2017 at 9:44 PM, Scott Arciszewski > wrote: >> >> I've opened the vote for the libsodium RFC. >> >> https://wiki.php.net/rfc/libsodium >> >> See https://externals.io/thread/626 for

Re: [PHP-DEV] [RFC][Discuss] Arrow Functions

Hey Stephen > You’re really starting to lose me now. You want types but don’t want to > define them, and you’re somehow mixing phpdoc into this. Because we use PHPDoc to provide type hints to the IDE where PHP doesn’t support them yet (variables and properties). > Currently PHP has zero

[PHP-DEV] Re: internals Digest 3 Feb 2017 23:56:52 -0000 Issue 4435

On 3 Feb 2017, at 18:56, internals-digest-h...@lists.php.net wrote: HKDF w/o salt is OK, but with salt, it's much stronger than w/o it. That's not correct. The salt defends against certain attacks on predictable input key material, i.e. weak passwords. But HKDF should not normally be used

Re: [PHP-DEV] [RFC] [VOTE] Libsodium as a core extension in PHP 7.2

On Fri, Feb 3, 2017 at 9:44 PM, Scott Arciszewski wrote: > I've opened the vote for the libsodium RFC. > > https://wiki.php.net/rfc/libsodium > > See https://externals.io/thread/626 for the previous discussion topics. > > The vote closes at 21:00 UTC (4 PM Eastern Time) next

Re: [PHP-DEV] [RFC] [VOTE] Libsodium as a core extension in PHP 7.2

Hi Scott, (Sorry for re-send) > On 4 Feb 2017, at 22:20, Scott Arciszewski wrote: > > On Sat, Feb 4, 2017 at 5:37 AM, Fleshgrinder wrote: >> >> On 2/4/2017 12:54 AM, Scott Arciszewski wrote: >>> I like \Sodium\foo instead of sodium_foo, but it

Re: [PHP-DEV] [RFC][Discuss] Arrow Functions

Hi Ilija, For some reason I don’t see your original reply yet. Anyway… > On 4 Feb 2017, at 22:48, ilija.tov...@me.com wrote: > > Ah, my example was of course wrong again -.- > > The caller should’ve looked like this (although I think you get the point): > > ```Swift > fetchUsers { users in >

Re: [PHP-DEV] [RFC] [VOTE] Libsodium as a core extension in PHP 7.2

On 2/4/2017 4:20 PM, Scott Arciszewski wrote: > Hi, > > This is a separate choice that people can vote for. It's not exactly > hidden; nor is it bundled into a single "Yes/No". > > The vote option concerns "permit an exception to the coding style" not > "change the coding style for everything".

Re: [PHP-DEV] [RFC][Discuss] Arrow Functions

Ah, my example was of course wrong again -.- The caller should’ve looked like this (although I think you get the point): ```Swift fetchUsers { users in    // `users` is inferred to be an array of `User`s } ``` Regards On 4 Feb 2017, 16:41 +0100, ilija.tov...@me.com, wrote: > Hey Stephen > > >

Re: [PHP-DEV] [RFC][Discuss] Arrow Functions

Hey Stephen > You don't *have to* specify types at all. If you want to use PHP without > verifying/requiring types, thats your prerogative, but given the recent > improvements to allow scalar type hinting, I think it’s a mistake to say that > *any* use of type hints is “not recommended”. Sure

Re: [PHP-DEV] [RFC] [VOTE] Libsodium as a core extension in PHP 7.2

On Sat, Feb 4, 2017 at 5:37 AM, Fleshgrinder wrote: > > On 2/4/2017 12:54 AM, Scott Arciszewski wrote: > > I like \Sodium\foo instead of sodium_foo, but it deviates from the norm. > > If we're going to break the norm, we should do so on a stronger majority > > than 50%+1. >

Re: [PHP-DEV] [RFC][Discuss] Arrow Functions

Hi Ilija > On 4 Feb 2017, at 17:09, ilija.tov...@me.com wrote: > > Hi Stephen > >> Using type hints is a part of the language. It even has benefits that I can >> absolutely see being used here: >> >> array_map(function(Foo $x) => $x->bar()); >> >> If Foo is a class/interface with a method of

Re: [PHP-DEV] [RFC] [VOTE] Libsodium as a core extension in PHP 7.2

On 2/4/2017 12:54 AM, Scott Arciszewski wrote: > I like \Sodium\foo instead of sodium_foo, but it deviates from the norm.​ > ​ If we're going to break the norm, we should do so on a stronger majority > than 50%+1. > I see another problem besides the issue that a namespaced core elements are

Re: [PHP-DEV] [RFC][Discuss] Arrow Functions

Hi Stephen > Using type hints is a part of the language. It even has benefits that I can > absolutely see being used here: > > array_map(function(Foo $x) => $x->bar()); > > If Foo is a class/interface with a method of bar, your IDE can know that it's > a valid method to call. > > That of course

Re: [PHP-DEV] [RFC] [VOTE] Libsodium as a core extension in PHP 7.2

> > Would it not be possible for _both_ to be supported? It would be just an > alias > What's the benefit? I can just see bloat and confusion.