Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:125637
X-Original-To: internals@lists.php.net
Delivered-To: internals@lists.php.net
Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5])
	by qa.php.net (Postfix) with ESMTPS id D88451A00BD
	for <internals@lists.php.net>; Fri, 20 Sep 2024 07:57:17 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail;
	t=1726819164; bh=JwYUVOkxdU8RVOTX5PwJz/Gif0x8VH1BhxVDrYZ8m44=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
	b=OWsvPeoPa1KekZsfGj4GVtpQidwjQBS+3CJRdD0W9d9UVrkcKYaZCOrdG4fWyVVfF
	 WPHKf8Qo0+EGZMC4L4tPIvw4GrKmqfDiBmj2OSaszmjQ0QzJDb+cUQq37N8xhqFTCu
	 clcWlaAPn0MgE6Ax9MLplmyj/jdp+ZXDvLU9rmNAwZJHJvBmMiHTWuh6fDyCjWSK/F
	 WwnVAF0Tv2PnTabdTjYKELpRfNTMTs7SmSOJhba1wQ/ePL/MdmfNAcHGtvRutHFkXI
	 TwhNw0G7SPtsV+IUWTXLTr3+IeV8bpdaLCA+m8HcXLImgeZ6V+P8+ZX/Fuko2zqaV1
	 X/sq0TyjQWvdA==
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 6D51818004A
	for <internals@lists.php.net>; Fri, 20 Sep 2024 07:59:23 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_50,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,FREEMAIL_FROM,
	HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,
	SPF_PASS autolearn=no autolearn_force=no version=4.0.0
X-Spam-Virus: No
X-Envelope-From: <arvids.godjuks@gmail.com>
Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Fri, 20 Sep 2024 07:59:22 +0000 (UTC)
Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-42cd46f3a26so14923145e9.2
        for <internals@lists.php.net>; Fri, 20 Sep 2024 00:57:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1726819035; x=1727423835; darn=lists.php.net;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=JwYUVOkxdU8RVOTX5PwJz/Gif0x8VH1BhxVDrYZ8m44=;
        b=GBgeyUIVerD6B42QyXjj09o6NyGu0JKhTljakpvkA5X0kO0P/8qDOhdbLDzdsJOdCL
         WeVxD/nEROAj2ereFOtsvHIm8wwyXqwgbqWb8+PuFCwrSx2e1wOLqrSJfMlCNKl7aY3V
         L8mQl1XEa6ZxF+iJ0TgVPkO/fJzt5S3WbdW/Z3qLT7cnW0NH1kCxja09jLcKSUQvJJey
         2QgLZdy6TiFJc4TEpSiuOezlbpOi6x3qr5L+pZIjFkNg7YSoyYepaquI5hI/dZhB0f3a
         xggDH7MxGg6mbEywq3FMirA/tRBwCcT6jXCC7viElvJ3ygeoEAEfcStiaPHCbNQI7ARj
         gAFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1726819035; x=1727423835;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=JwYUVOkxdU8RVOTX5PwJz/Gif0x8VH1BhxVDrYZ8m44=;
        b=Sq8ulfhv8xJJjbD1Wl14TE9q0BKxxbUw4jABhmD+mV5qo8S7qU00Zd3tplpcoBiDne
         8swjGyVkWhIwI0THq6uRvCSROLQvCyBunI1YWDbLVnL8rkpw4fJEIrAWTl/n+2fqeXKN
         iIuctwdOk8V7MpzDVCGHxwWjWOSbsyfmVe2wrR0+AbpvTfMDr/t/nGOLfJKGYQVKQ35J
         Tb7QCHUbmhOaTLJM/Z8FxEabpYfOsFOKnGWppLTBNgmiDC/bGE1LvUSFuGLxFu4PsStp
         /TqlxX4prt5TCGiRVtD6pY6SCPRpq5A+2bW2M+EaSsvUSm00/UB2GH7DJIrXL+QRNRWx
         SWTA==
X-Forwarded-Encrypted: i=1; AJvYcCW5desR/o/q6w2d5xDKfQoDrDKjDMjxr8FpCBzMKlfG79XbFrKl8PdbOPH4ZK5ROalxIz9+GbqaxJE=@lists.php.net
X-Gm-Message-State: AOJu0Yz5fZTS1RbBMjlohtBPgVylLClaUOC1/1rjh/a3rIxNyn0LMo/S
	fbcX90rNuOHq8Rx6VFS+vtcZXkjjYUo9APuJHA767IALJJhtZSYauPukojgfKCjOLTsZPLUe7A6
	KMYPxgWZfLQcIaFXHDqHf13MZUmo=
X-Google-Smtp-Source: AGHT+IF+mzEfIsmfWM1AwAIjB/RapS90xRQau2gMGvyl3AafxD6xM1suK4Vgu6bz/uxB5H/jvLeIY8NzcrxHP0MH1WY=
X-Received: by 2002:a05:600c:3591:b0:42c:b63e:fe8f with SMTP id
 5b1f17b1804b1-42e7abfc4d8mr14444575e9.13.1726819034885; Fri, 20 Sep 2024
 00:57:14 -0700 (PDT)
Precedence: bulk
list-help: <mailto:internals+help@lists.php.net
list-unsubscribe: <mailto:internals+unsubscribe@lists.php.net>
list-post: <mailto:internals@lists.php.net>
List-Id: internals.lists.php.net
x-ms-reactions: disallow
MIME-Version: 1.0
References: <A247BB36-9FD1-4AAF-AAB8-82DBD9DE3550@newclarity.net>
 <CA697780-BC2D-4054-A9FD-523E08236732@rwec.co.uk> <8D420123-4ECF-48FD-A9C3-F80C60457A37@newclarity.net>
 <CA+Jpajkx0OraH7GQyB5gECtPOo2JP=RzuSwqfv4AZGY+a+ryPw@mail.gmail.com>
 <AACF228F-53D3-480F-9127-77FBC4AE6A84@newclarity.net> <CAGnYymDhy1dov+4HcFWhAx1Ga9bXR=Urew9RbN5KEXcgHmk=Ew@mail.gmail.com>
 <f433fbe1-bee4-4a61-ba18-90053975b29e@app.fastmail.com> <BB0310CD-8134-4B3F-9C51-B59B5A24405F@automattic.com>
 <CA+Jpajnk9i=EhqXaKnYUTHhA_1TfzB1qiLfRh1whPoO8Y8ECqA@mail.gmail.com> <7EA884D2-0F37-4BF1-AC97-DB6953C944E6@automattic.com>
In-Reply-To: <7EA884D2-0F37-4BF1-AC97-DB6953C944E6@automattic.com>
Date: Fri, 20 Sep 2024 10:56:38 +0300
Message-ID: <CAL0xaBHKUxwbzAYaPHevLSAEvWOQRPLsraxEg3oQtJ=wTxAkiw@mail.gmail.com>
Subject: Re: [PHP-DEV] Zephir, and other tangents
To: Dennis Snell <dennis.snell@automattic.com>
Cc: Hammed Ajao <hamiegold@gmail.com>, Rob Landers <rob@bottled.codes>, 
	Adam Zielinski <adam.zielinski@automattic.com>, Mike Schinkel <mike@newclarity.net>, 
	PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="0000000000002a7735062288631b"
From: arvids.godjuks@gmail.com (Arvids Godjuks)

--0000000000002a7735062288631b
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Fri, 20 Sept 2024 at 09:17, Dennis Snell <dennis.snell@automattic.com>
wrote:

> Hi Hammed, thank you for taking the time to read through this and share
> your thoughts.
>
> snip
>
>
>
> Cheers,
> Hammed
>
>
> Hope you have a nice weekend. Cheers.
>

Hello everyone,

I want to chip in here, since reading the thread lead me into a state of
cognitive dissonance.
I've been in PHP world for a long time, about 3 years shy of how old
Wordpress is. When I'm reading "shared hosting" and "WASM" and knowing how
managed hosting works, I have to ask: What type of la-la land is this
conversation is taking place in?
All managed wordpess hosting is locked down hard. Extensions are very
limited and everything that allows any type of freedom is disabled,
functions are disabled en mass. I have to ask: knowing the history of past
27 years, what managed hoster in their right mind and sanity will allow
WASM to be enabled to bypass ____A L L _____ PHP security features and
allow PHP code do anything it wants? On a shared hosting... I seriously
want to know answer to this question, because I firmly believe there was
zero risk and security assessment not only done, but it hasn't been even a
twinkle in the eye.

On VPS/Decicated you can run whatever you want, so you don't have the
limitations.

On other note - people have pointed out how big body of work it is. If you
want to sponsor WASM development for PHP, I suggest Automatic open their
wallet and put in 2-3 million $ a year for the next 5-10 years to
PHPFoundation and find devs who are capable and willing to do this job.
Honestly, I think you might find people to want to do that rather than lack
of money being the cause of it.

--=20

Arv=C4=ABds Godjuks
+371 26 851 664
arvids.godjuks@gmail.com
Telegram: @psihius https://t.me/psihius

--0000000000002a7735062288631b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">On Fri, 20 Sept 2024 at 09:17, Dennis Sne=
ll &lt;<a href=3D"mailto:dennis.snell@automattic.com">dennis.snell@automatt=
ic.com</a>&gt; wrote:<br></div><div class=3D"gmail_quote"><blockquote class=
=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rg=
b(204,204,204);padding-left:1ex"><div class=3D"msg-7163692151126893705"><u>=
</u>





<div>
<div>Hi Hammed, thank you for taking the time to read through this and shar=
e your thoughts.</div>
<div><br></div>
<blockquote type=3D"cite">
<div>snip</div></blockquote>
<div><br></div>
<blockquote type=3D"cite">
<div dir=3D"ltr" style=3D"font-family:-webkit-standard;font-variant-caps:no=
rmal;font-weight:400;text-decoration:none"><div class=3D"gmail_quote">
<div>
<br>Cheers,</div>
<div>Hammed</div>
</div></div>
</blockquote>
<div><br></div>
<div>Hope you have a nice weekend. Cheers.</div>
</div>
</div></blockquote></div><div><br></div>Hello everyone,<div><br></div><div>=
I want to chip in here, since reading the thread lead me into a state of co=
gnitive dissonance.</div><div>I&#39;ve been in PHP world for a long=C2=A0ti=
me, about 3 years shy of how old Wordpress is. When I&#39;m reading &quot;s=
hared hosting&quot; and &quot;WASM&quot; and knowing how managed hosting wo=
rks, I have to ask: What type of la-la land is this conversation is taking =
place in?</div><div>All managed wordpess hosting is locked down hard. Exten=
sions are very limited and everything that allows any type of freedom is di=
sabled, functions are disabled en mass. I have to ask: knowing the history =
of past 27 years, what managed hoster in their right mind and sanity will a=
llow WASM to be enabled=C2=A0to bypass ____A L L _____ PHP security feature=
s and allow PHP code do anything it wants? On a shared hosting... I serious=
ly want to know answer to this question, because I firmly believe there was=
 zero risk and security assessment not only done, but it hasn&#39;t been ev=
en a twinkle in the eye.</div><div><br></div><div>On VPS/Decicated you can =
run whatever you want, so you don&#39;t have the limitations.</div><div><br=
></div><div>On other note - people have pointed out how big body of work it=
 is. If you want to sponsor WASM development for PHP, I suggest Automatic o=
pen their wallet and put in 2-3 million $ a year for the next 5-10 years to=
 PHPFoundation and find devs who are capable and willing to do this job. Ho=
nestly, I think you might find people to want to do that rather than lack o=
f money being the cause of it.</div><div><div><br></div><span class=3D"gmai=
l_signature_prefix">-- </span><br><div dir=3D"ltr" class=3D"gmail_signature=
"><div dir=3D"ltr"><div><br></div>Arv=C4=ABds Godjuks<div>+371 26 851 664</=
div><div><a href=3D"mailto:arvids.godjuks@gmail.com" target=3D"_blank">arvi=
ds.godjuks@gmail.com</a></div><div>Telegram: @psihius=C2=A0<a href=3D"https=
://t.me/psihius" target=3D"_blank">https://t.me/psihius</a></div></div></di=
v></div></div>

--0000000000002a7735062288631b--