Hi Pierre,
On Thu, Oct 20, 2016 at 7:12 PM, Pierre Joye wrote:
>> Application requires unique ID under across multi process/thread
>> tasks, it will have more chance to have collided unique ID.
>
> uniqid fill(s|ed) some needs or maybe still fits for some.
>
> However for modern application with
On Thu, Oct 20, 2016 at 4:44 PM, Yasuo Ohgaki wrote:
> Application requires unique ID under across multi process/thread
> tasks, it will have more chance to have collided unique ID.
uniqid fill(s|ed) some needs or maybe still fits for some.
However for modern application with many concurrent re
Hi Kalle,
I forgot to mention one more thing.
On Thu, Oct 20, 2016 at 6:28 PM, Yasuo Ohgaki wrote:
> Warnings are based on following facts.
>
> uniqid(); // without entropy
>
> usleep(1) is called to get unique timestamp, but NTP can disturb and
> uniqid() can result in the same ID.
>
> uniqid('
Hi Kalle,
On Thu, Oct 20, 2016 at 5:17 PM, Kalle Sommer Nielsen wrote:
> 2016-10-20 9:18 GMT+02:00 Yasuo Ohgaki :
>> "Do not make assumption for uniqid() output format, entropy
>> especially. uniqid() output format may be changed to provide
>> reasonably unique ID in future versions."
>
> Sounds
Hi Yasuo
2016-10-20 9:18 GMT+02:00 Yasuo Ohgaki :
> "Do not make assumption for uniqid() output format, entropy
> especially. uniqid() output format may be changed to provide
> reasonably unique ID in future versions."
Sounds reasonable to me; although I would phrase it a little
differently, some
Hi Anatol,
On Wed, Oct 19, 2016 at 8:20 PM, Anatol Belski wrote:
>> I won't have time to write RFC for this, probably. I have many other things
>> that I
>> would like to improve, like session error status handling improvement that I
>> recently proposed.
>>
> I see. It's a pity you won't have t
Hi Yasuo,
> -Original Message-
> From: Yasuo Ohgaki [mailto:yohg...@ohgaki.net]
> Sent: Wednesday, October 19, 2016 2:35 AM
> To: Anatol Belski
> Cc: Joe Watkins ; Niklas Keller ;
> Leigh ; PHP Internals
> Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid
On Wed, Oct 19, 2016 at 8:01 AM, Anatol Belski wrote:
>> -Original Message-
>> From: Yasuo Ohgaki [mailto:yohg...@ohgaki.net]
>> Sent: Tuesday, October 18, 2016 9:53 PM
>> To: Anatol Belski
>> Cc: Joe Watkins ; Niklas Keller ;
>> Leigh ; PHP Internals
Yasuo,
> -Original Message-
> From: Yasuo Ohgaki [mailto:yohg...@ohgaki.net]
> Sent: Tuesday, October 18, 2016 9:53 PM
> To: Anatol Belski
> Cc: Joe Watkins ; Niklas Keller ;
> Leigh ; PHP Internals
> Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid
Hi Rowan,
On Wed, Oct 19, 2016 at 5:14 AM, Rowan Collins wrote:
> On 18/10/2016 20:52, Yasuo Ohgaki wrote:
>>
>> Which is important?
>> - uniqid() is not unique
>> - Really broken system that shouldn't be used may emit error
>
>
> Frankly, both are pretty rare cases. From the way you talk abo
On 18/10/2016 20:52, Yasuo Ohgaki wrote:
Which is important?
- uniqid() is not unique
- Really broken system that shouldn't be used may emit error
Frankly, both are pretty rare cases. From the way you talk about it,
everybody who uses uniqid() will get duplicate values all the time, when
Hi Kalle and all,
On Wed, Oct 19, 2016 at 1:43 AM, Kalle Sommer Nielsen wrote:
> 2016-10-18 18:41 GMT+02:00 Anatol Belski :
>> AFM the patch is not acceptable for 7.0. It is true that some place was
>> moved to the new random int functionality (in password AFAIR). But, it is
>> done at the plac
Hi Anatol,
On Wed, Oct 19, 2016 at 1:41 AM, Anatol Belski wrote:
> AFM the patch is not acceptable for 7.0. It is true that some place was moved
> to the new random int functionality (in password AFAIR). But, it is done at
> the place and the way that a BC breach is unlikely. Using the throwing
2016-10-18 18:41 GMT+02:00 Anatol Belski :
> AFM the patch is not acceptable for 7.0. It is true that some place was moved
> to the new random int functionality (in password AFAIR). But, it is done at
> the place and the way that a BC breach is unlikely. Using the throwing
> variant is for sure
Hi Yasuo,
> -Original Message-
> From: Yasuo Ohgaki [mailto:yohg...@ohgaki.net]
> Sent: Tuesday, October 18, 2016 2:03 PM
> To: Joe Watkins
> Cc: Niklas Keller ; Leigh ; PHP Internals
>
> Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness
>
2016-10-18 14:41 GMT+02:00 Yasuo Ohgaki :
> Hi Niklas,
>
> On Tue, Oct 18, 2016 at 9:33 PM, Niklas Keller wrote:
> > 2016-10-18 14:12 GMT+02:00 Yasuo Ohgaki :
> >>
> >> Hi Niklas,
> >>
> >> On Tue, Oct 18, 2016 at 9:08 PM, Niklas Keller wrote:
> >> >>
> >> >> As you can see from last minutes dis
Hi Niklas,
On Tue, Oct 18, 2016 at 9:33 PM, Niklas Keller wrote:
> 2016-10-18 14:12 GMT+02:00 Yasuo Ohgaki :
>>
>> Hi Niklas,
>>
>> On Tue, Oct 18, 2016 at 9:08 PM, Niklas Keller wrote:
>> >>
>> >> As you can see from last minutes discussion.
>> >>
>> >> "/dev/urandom cannot be read" is FUD.
>>
2016-10-18 14:12 GMT+02:00 Yasuo Ohgaki :
> Hi Niklas,
>
> On Tue, Oct 18, 2016 at 9:08 PM, Niklas Keller wrote:
> >>
> >> As you can see from last minutes discussion.
> >>
> >> "/dev/urandom cannot be read" is FUD.
> >> It's pure bug fix. (I intentionally made patch easy to extend used
> >> char
Hi Niklas,
On Tue, Oct 18, 2016 at 9:08 PM, Niklas Keller wrote:
>>
>> As you can see from last minutes discussion.
>>
>> "/dev/urandom cannot be read" is FUD.
>> It's pure bug fix. (I intentionally made patch easy to extend used
>> chars, though)
>>
>> Would you consider revert the revert?
>
>
>
2016-10-18 14:02 GMT+02:00 Yasuo Ohgaki :
> Hi Joe,
>
> On Tue, Oct 18, 2016 at 8:30 PM, Yasuo Ohgaki wrote:
> >
> > On Tue, Oct 18, 2016 at 7:32 PM, Joe Watkins
> wrote:
> >>> This change should go through the standard RFC process and should be
> >>> targeted at 7.2+ (master) *only*.
> >>
> >>>
Hi Joe,
On Tue, Oct 18, 2016 at 8:30 PM, Yasuo Ohgaki wrote:
>
> On Tue, Oct 18, 2016 at 7:32 PM, Joe Watkins wrote:
>>> This change should go through the standard RFC process and should be
>>> targeted at 7.2+ (master) *only*.
>>
>>> Please check with the RMs before merging functionality change
On Tue, Oct 18, 2016 at 8:47 PM, Lester Caine wrote:
> On 18/10/16 12:37, Yasuo Ohgaki wrote:
>> The patch committed is pure bug fix.
> https://www.google.co.uk/search?q=%2Fdev%2Furandom+is+not+readable+by+php
>
> Even bug fixes need proper documentation to avoid the WTF !
I'm about to add the do
On 18/10/16 12:37, Yasuo Ohgaki wrote:
> The patch committed is pure bug fix.
https://www.google.co.uk/search?q=%2Fdev%2Furandom+is+not+readable+by+php
Even bug fixes need proper documentation to avoid the WTF !
--
Lester Caine - G8HFL
-
Contact - http://lsces.co.uk/w
On Tue, Oct 18, 2016 at 8:00 PM, Lester Caine wrote:
> On 18/10/16 11:02, Niklas Keller wrote:
>>> 'Suppliers' should perhaps be helped to configure their systems so the
>>> > users can use things, but things like /dev/urandom may need some
>>> > additional notes to help identify problems when fra
Hi Joe,
On Tue, Oct 18, 2016 at 7:32 PM, Joe Watkins wrote:
>> This change should go through the standard RFC process and should be
>> targeted at 7.2+ (master) *only*.
>
>> Please check with the RMs before merging functionality changes into
>> release
>> branches. All functionality changes need
On 18/10/16 11:02, Niklas Keller wrote:
>> 'Suppliers' should perhaps be helped to configure their systems so the
>> > users can use things, but things like /dev/urandom may need some
>> > additional notes to help identify problems when frameworks like owncloud
>> > start throwing errors. As Niklas
Morning,
> This change should go through the standard RFC process and should be
> targeted at 7.2+ (master) *only*.
> Please check with the RMs before merging functionality changes into
release
> branches. All functionality changes need consent and consensus. Bug fixes
> (that don't change functi
Lester Caine schrieb am Di., 18. Okt. 2016, 11:42:
> On 18/10/16 08:35, Yasuo Ohgaki wrote:
> >> Sure, but it did happen that shared hosts block it, noticed during
> >> > random_compat adoption.
> >> >
> >> > You claimed there isn't any BC break.
> > The line should be
> >
> > "There is no BC for
On 18/10/16 08:35, Yasuo Ohgaki wrote:
>> Sure, but it did happen that shared hosts block it, noticed during
>> > random_compat adoption.
>> >
>> > You claimed there isn't any BC break.
> The line should be
>
> "There is no BC for usable systems"
>
> Any file permission could disturb PHP script e
On Tue, Oct 18, 2016 at 4:16 PM, Niklas Keller wrote:
> Yasuo Ohgaki schrieb am Di., 18. Okt. 2016, 08:47:
>>
>> Hi Niklas,
>>
>> On Tue, Oct 18, 2016 at 3:36 PM, Niklas Keller wrote:
>> > Yasuo Ohgaki schrieb am Di., 18. Okt. 2016, 02:21:
>> >>
>> >> Hi all,
>> >>
>> >> I committed this patch
Yasuo Ohgaki schrieb am Di., 18. Okt. 2016, 08:47:
> Hi Niklas,
>
> On Tue, Oct 18, 2016 at 3:36 PM, Niklas Keller wrote:
> > Yasuo Ohgaki schrieb am Di., 18. Okt. 2016, 02:21:
> >>
> >> Hi all,
> >>
> >> I committed this patch that simply use php_random_bytes() w/o any BC.
> >
> >
> > Doesn't
Hi Niklas,
On Tue, Oct 18, 2016 at 3:36 PM, Niklas Keller wrote:
> Yasuo Ohgaki schrieb am Di., 18. Okt. 2016, 02:21:
>>
>> Hi all,
>>
>> I committed this patch that simply use php_random_bytes() w/o any BC.
>
>
> Doesn't this throw now in some environments where /dev/urandom isn't
> readable?
Yasuo Ohgaki schrieb am Di., 18. Okt. 2016, 02:21:
> Hi all,
>
> I committed this patch that simply use php_random_bytes() w/o any BC.
>
Doesn't this throw now in some environments where /dev/urandom isn't
readable?
Regards, Niklas
http://git.php.net/?p=php-src.git;a=commitdiff;h=48f1a17886d87
Hi all,
I committed this patch that simply use php_random_bytes() w/o any BC.
http://git.php.net/?p=php-src.git;a=commitdiff;h=48f1a17886d874dc90867c669481804de90509e8
I thought there is php_random_int(), but it's not.
So this is one of the best patch for this purpose.
There is bug reports that
Hi Leigh,
On Wed, Oct 5, 2016 at 5:25 PM, Leigh wrote:
> The list was missed off of Yasuo's replies to me, replying including the
> list
Me too :)
>
> On Wed, 5 Oct 2016 at 01:07 Yasuo Ohgaki wrote:
>>
>> Hi Leigh,
>>
>> On Tue, Oct 4, 2016 at 7:06 PM, Leigh wrote:
>> > Since we want to prese
The list was missed off of Yasuo's replies to me, replying including the
list
On Wed, 5 Oct 2016 at 01:07 Yasuo Ohgaki wrote:
> Hi Leigh,
>
> On Tue, Oct 4, 2016 at 7:06 PM, Leigh wrote:
> > Since we want to preserve BC
> >
> > entropy = random_int(0, );
> > uniqid = strpprintf(0, "%s%0
On 4 October 2016 at 02:39, Yasuo Ohgaki wrote:
> Hi Leigh,
>
> On Mon, Oct 3, 2016 at 9:06 PM, Leigh wrote:
>> I'm curious, did you consider using random_int? It already handles
>> biasing, and you can reduce the repeated calls to random_bytes.
>
> Yes. It seemed it might be slower due to number
Hi Leigh,
On Mon, Oct 3, 2016 at 9:06 PM, Leigh wrote:
> I'm curious, did you consider using random_int? It already handles
> biasing, and you can reduce the repeated calls to random_bytes.
Yes. It seemed it might be slower due to number of retries at first,
but I realized that it isn't later.
On 2 October 2016 at 21:03, Yasuo Ohgaki wrote:
> Hi all,
>
> On Mon, Oct 3, 2016 at 3:56 AM, Yasuo Ohgaki wrote:
>> Besides improving "more entropy" the default and data, I prepared
>> fully compatible patch to simplify discussion.
>>
>> https://gist.github.com/anonymous/fb615df325d559fa806a2650
Hi Yasuo
2016-10-02 20:56 GMT+02:00 Yasuo Ohgaki :
> I would like to apply this patch from PHP 7.0 branch, then discuss what
> the default should be.
>
> Any comments?
> If there is no objections, I'll apply this few days later.
If anything this should be considered from 7.1+, I don't think we
sh
On Sun, Oct 2, 2016 at 8:56 PM, Yasuo Ohgaki wrote:
> Besides improving "more entropy" the default and data, I prepared
> fully compatible patch to simplify discussion.
>
> https://gist.github.com/anonymous/fb615df325d559fa806a265031a06ede
>
> I would like to apply this patch from PHP 7.0 branch,
41 matches
Mail list logo