Dutch PHP Conference 2017
29 Jun - 1 Jul 2017 at RAI Amsterdam

4

Spend a full day learning about Docker and related tools with Matthias Noback and Lucas van Lierop... - Use this day to finally take a deep dive into Docker, - Or bring your own Docker-based project and leverage the combined knowledge of all participants to make it better. - Work together, or alone. - Don't follow along with the teacher, find your own path instead. - Not limited to PHP, use the language of your choice. We'll offer interesting and useful material: articles, exercises, tips & tricks. A selection of topics you could choose from: - Continuous integration, including UI tests - Design principles - Running build tools - How to deal with annoying stuff (e.g: users, file permissions, signal handling, dependencies between services) - Health checks - Security - Clustering

1

As PHP developers, the vast majority of the code we write ends up in a Linux environment - be that a staging box, AWS or more traditional hosting, most servers we work with are linux based. While we all know that security is important, most of the time we focus on our application, looking at data validation, XSS attacks etc, and all to often we don't consider the security of the underlying infrastructure. This tutorial gives a detailed, hands on introduction to Linux security, so that any PHP developer can check and secure their stack, and protect their application at a much deeper level. Working with pre-created linux virtual machines, delegates will have hands-on instruction on the following topics: - Key principles of server security - Types of attacks - Securing your server from the outside in - network level defences - Configuring your servers to better security - Ongoing protection with fail2ban - Security and money - an introduction to PCI DSS compliance Having 'in house' developers with Linux security skills is a massive benefit to any organisation, so by the end of this tutorial delegates will not only be able to audit and improve security on their own servers, but also have the grounding and skills to learn more and develop their security knowledge further.

Rich domain models, inspired by imperative objective-oriented approaches, dominate our industry. But lean domain models are a compelling alternative. By separating behaviour and state, lean models offer an effective way to represent units of behaviour. This session will explore how to represent a lean domain model using a functional programming paradigm. We’ll explore how types can be used as a natural way to represent business constraints alongside smart constructors and functional validation. You’ll learn how type properties can be modelled with property based testing, how behaviour can be better composed, and how to keep domain behaviour isolated from application state and much more.

Mob Programming is a practice that Woody Zuill and his then team at Hunter Industries "discovered" while "turning up the good" and it's a cost-effective, collaborative and fun way to get work done together. The entire team works together (including the Product Owner's etc.) at the same time, on the same computer. Attendees will experience a typical day of Mob Programming while learning the mechanics of how to work together as and the techniques that make this form of development so effective. They will learn how a mob works together on all activities including test-driven development, refactoring, and retrospectives. This will be an exciting, hands on workshop that will leave attendees with essential collaboration skills they can take back to their organisations.

It's finally happening: JavaScript is growing up and browser vendors are on board this time. But most web developers are stuck in the year 2000 when it comes to JavaScript. In this session attendees will get a good look at some of the more compelling - and practical - changes already in their favorite browsers. We'll build a small application using these new features and no external libraries! Topics covered in our project will include new variable declaration types and scopes with `let` and `const`, default function arguments, modules, object deconstruction, template strings, "classes", fetch, Promises, and more. Can you really use these features? Our last topic will be browser support and how to transpile ES6/2015 code down to ES5 for use in older browsers. This is not an introductory tutorial, so attendees should come armed with a basic understanding of JavaScript functions, interacting with the DOM, scope, and async programming!

In this workshop we will get into practical examples of how to create a Progressive Web App -an offline capable app-like web application- using the latest specs. Google, Mozilla, Samsung, Opera and Microsoft are all supporting the new Progressive Web Apps world. We will cover desktop and mobile webapps, using Service Workers and other specs, debugging techniques and tools available. We will learn how to detect connection status and how to create a successful offline experience. We will cover how to use Push Notifications for the Web, how to setup notifications server-side using Google Firebase. We will finally see how to use Web App Manifest to convert the website into a native-like webapp and how to serve similar solutions for Safari and iOS and other non-compatible browsers. After this workshop you will have a fully functional PWA that you can serve to your users.

A practical tutorial showing the basics of EventStorming. As we go through the user story, we'll explain the different types of stickies, why they matter, and show why EventStorming is such an effective tool.

Modeling complex problems is hard and often leads to very complicated code. Controllers, repositories, services, conditions, forms - client’s business requirements sometimes infiltrate all these layers, everything is mixed together, making code really difficult to read, understand and develop. When you want extend business logic, but you need to dig in tens (or even hundreds) lines of controller action, trying to understand what are all these objects for and what other places should be changed too, it’s time to try different approach… "Thinking in events" means that you can be fully focused on problem domain, implementing testable business logic and associated rules, not on database, web framework or other implementation details. During this workshop you will learn how to use event/command buses in your app, apply Event Sourcing to store all history or split reads from writes with CQRS to increase performance, scalability and security. Being concentrated on client real problem the same time, without any distractions from code.

Have you ever looked for a platform to define builds and deployment pipelines with code written in a real programming language and stored inside version control? The 2016 major version of Jenkins introduced Pipeline as Code for this reason, instantly setting a standard for its huge community of users and plugins. This workshop will put your hands on: - building delivery pipelines which test a project in isolation, in integration environments and finally deploy it to production - build all the pull requests in an organization to give timely feedback to developers - make use of shared resources such as virtual machines, without failing because of race conditions or conflicting builds - turn off unused virtual machines for costs saving - remove duplication from pipelines by extracting libraries of steps - automatically open pull requests proposing changes, such as the update of libraries

Drupal8 modernization (new object-oriented base) and adoption of many Symfony components is a huge step in connecting these two amazing communities and amazing projects. Drupal8 is not powered by full-stack Symfony and there are still many differences between these two relatives, but still, Symfony developers should master it easily. This talk is for Symfony developers who don't have experience with Drupal8. It will guide you through routing, controllers, hooks, events, Drupal Console, DI and many other interesting elements that power Drupal8 under the hood. It will also show how to build custom modules Symfony way.

2

User Story Mapping is a strategy where you form a team of customers, developers, and users around your project to discover the full details of your project. Your team diagrams the story of the business process and all of the events happening around it. Once you have completed discovery of these stories, your team uses strategies to view features alongside the problems they solve. It is a powerful approach that allows your team to prioritize features, based on everyone's needs and motivations. Instead of planning our project as a building that we must build with a strong foundation, we learn to plan as if it were a vehicle. This focus delivers the Most Valuable Features to the customer by answering the question, “What’s Your Skateboard?” In this workshop, we will use some simple examples to diagram the process, discover the details of the project, and finally to identify the main objectives of the project. Through examples, we will discuss strategies for prioritizing features. Finally, we will talk about how to handle areas of risk in the story. You will quickly see how this strategy helps you to communicate more clearly with your customers, and how it can help you all evaluate priorities based on everyone's needs. Opening communication with your customer in this way, helps to reduce frustration with unmet expectations and confusion about project deliverables, as well as improves estimation. Participants in this workshop will learn the following: - Building the story map, and using the map to find out more about the project. - Grouping the stories based on objectives and problems solved - Prioritizing features that deliver the most value to your customers - Identifying risk in the story map and strategies to deal with it

I want to explore why skills beyond software are increasingly so much more important. Simple ones, like communication. To complex ones like understanding others/empathy, privacy concerns, etc. For people to achieve fuller development in their carriers, the direction industry is going requires more than just being able to code. Maybe one day we will have AI to code for us, what skills can an engineer have to still be relevant.

The luxury fashion brand BALR. has grown exponentially since it was founded in 2013. As the online sales went through the roof, the web development team had to play catch-up. Nonetheless, our agile-minded stakeholders gave the in-house development team all the time needed to ‘do things right’ during the transition from a small webshop to an enterprise e-commerce application. We started out installing and deploying demo applications of a range of e-commerce platforms until we found the best match for our requirements. We only started working on features after having finished all the DevOps work. BALR. 2.0 became our first project where docker runs in the development, testing, acceptance and production environments, using one and the same Dockerfile. To assure the quality of our Symfony based e-commerce application, PHPUnit tests, phpspecs and behat scenarios are run by Travis CI for commits and pull requests. When all tests pass for a merge commit, Travis CI builds the application for the deployment environment corresponding to the branch merged into. Then, it automatically uploads the built application to the corresponding environment of our Amazon AWS Elastic Beanstalk (EB) application. EB supports docker and allows us to easily duplicate an entire AWS application configuration including security groups, regions, auto-scaling configurations, etc. with the click of a button. Standing on the shoulders of giants and really taking the time to work with the best modern tools available today has several advantages for our development process. We can keep our tooling and CI/CD process up-to-date with the latest technology in small incremental steps and, above all, the proportion of time the development team can focus on implementing business logic increased dramatically compared to earlier projects.

At Flypay we use XP practises such as TDD and Pair Programming to increase the quality of software produced. We pair program 80% of the time and adopt a strict policy of outside in test driven development. Over the last year we have both produced exciting new features and brought our monolithic, untested legacy application under some semblance of control. We proscribe a large portion of our recent success to using XP methods. We believe the benefits of an XP approach are: - Higher quality output - Better context sharing between team members ‘Low Bus Factor’ - Decreased cost of change - Team members improve at their job faster This talk discusses the technical; “The tools used to achieve this” and the the process; “Making pairing and TDD work in your organisation”.

12

After 16 years a new version of the HTTP protocol has now been finalised and wide support in browsers and web servers is coming quickly. In this talk I'll explain how HTTP and browsers work in general and what you currently have to do to make your application as fast as possible. Based on this I'll show what HTTP/2.0 is all about, what it changes and how it can help your application's performance.

17

If you've been in development for a while and you're anything like me, you probably still use MySQL in the same way as you did in the 3.x days - let's be honest, when was the last time you cracked open the MySQL documentation? However, things have moved on, and these days there are some pretty awesome features in MySQL, from document store to spatial support and more, that would make your life easier, and your app faster - things that you could - or even should - be using. Join Liam and discover what this modern MySQL looks like, and how you might use it to improve your applications.

Part of writing asynchronous code in PHP is using extensions and services to offload processing. Another part is using core mechanics to structure traditionally synchronous code in new ways. That's where this talk comes in. Generators were added in PHP 5.5. These were originally meant to add syntactic sugar on top of iterable structures, but some folks have learned how to use them to simulate interruptible functions. We take a look at how generators can be used for iteration, and how iteration and interruptibility are two sides to the same coin. There's hand-on code, as I show you how to build a multitasking system in 100 lines of code. Finally we look at a few popular projects that use this mechanic to facilitate common programming tasks using interruptible functions.

9

The new Abstract Syntax Tree (AST) in PHP 7 means the way our PHP code is being executed has changed. Understanding this new fundamental compilation step is key to understanding how our code is being run. To demonstrate, James will show how a basic compiler works and how introducing an AST simplifies this process. We’ll look into how these magical time-warp techniques* can also be used in your code to introspect, analyse and modify code in a way that was never possible before. After seeing this talk, you'll have a great insight as to the wonders of an AST, and how it can be applied to both compilers and userland code. (*actual magic or time-warp not guaranteed)

12

In recent years we've seen a growing awareness of privacy issues, particularly in the wake of Edward Snowden's revelations. The 2015 collapse of the safe harbour agreement (making it illegal to store data on EU citizens in the US) was patched up with Privacy Shield in 2016, but that's on shaky ground too. The EU's tough new General Data Protection Regulations (GDPR) come into force in May 2018, raising privacy & data protection standards enormously, and massively increasing exposure for companies on both sides of the Atlantic. All too often legal departments have no contact with developers, and the only time the right conversations happen is when something has gone horribly wrong and it's too late. We need to fix this - developers need to be aware of legal responsibilities because it's implementation details that matter, and that's what this talk is all about. We will cover what makes the GDPR different, how it changes what happens at the developer and sysadmin level, and what steps you will need to take to conform to the standards.

7

What if we could evolve our web of individual documents and data to a web of interlinked knowledge, a web where machines can automatically combine data from multiple sources and draw conclusions from it? The Semantic Web technologies from W3C enable us to make sense of the data wilderness on the web and unlock the full potential of the data treasures hidden in it. In this talk, we will see how RDF enables us to formally describe the meaning of data and how such data can be queried with SPARQL. We will look at how OWL lets us make more expressive statements about the world, so that a computer can logically reason about it and infer new information. We will demonstrate these technologies by showing how they can be used to combine data sets in different formats as if they were one and letting a computer draw logical (and perhaps surprising) conclusions for us.

The browser and PWAs can break today's web limits accessing the Physical, VR and Native App Worlds. Let's see how to integrate your PWAs with native features such as Share dialogs, Apple/Android Pay, Sensors and Bluetooth; and how to add Virtual and Mixed Reality experiences through WebVR. In this session we will introduce new JavaScript APIs and specs that are now joining the Web and PWAs that let us connect with new worlds, such as the Physical World with hardware, sensors and Bluetooth; the Virtual and Holographic Worlds with WebVR and 360 content; and the Mobile World through device integration in PWAs. We will cover new JavaScript APIs, such as WebVR, Bluetooth, Payments, Share, Push and more with demos and updated info on current and future compatibility. We will also see current state of hardware APIs that can be used to get data from sensors and what we can do in Virtual and Mixed Reality devices with devices on-stage, such as on HoloLens, DayDream, and Oculus. We will make live demos that attendees will be able to test on their own devices while attending the session.

11

You've used Composer so many times now, but how deep is your understanding of your dependencies? Can you get yourself out of every tricky situation? This talk will cover a broad range of dependency management subjects: From assessing the risk, e.g. through BC breaks, introduced into your business critical code by third party software, all the way to hand-on tips for working with composer in the real world, e.g. what to do if composer.lock conflicts during a merge, when your colleagues and you modified dependencies in different ways.

Uncon talk

In this talk you will learn how to effectively store, retrieve and display geospatial data, such as roads, points of interests and more. First we will be importing an OpenStreetMap dataset covering Amsterdam into MongoDB. This is not trivial due to the amount of data. After importing, we will look at which types of queries we can run to find things. Either by predicates, or with geospatial queries. And last we will have a look at how to display the data that we've requested, through a website using the Leaflet mapping library.

9

Our increasingly connected world, along with the promises of Big Data and Cloud Computing, offers us multitudes of opportunities to model the world and build powerful technology to improve not only the companies we work for but the lives of many. Yet far too often we, as engineers, focus on providing a solution to the problem at hand and overlook the problems that the solution itself might cause. In this talk, I examine some of the issues our world throws up, and asks what it takes to engineer ethically.

11

Have you ever heard yourself or someone else say “Don’t deploy on Friday”? Perhaps it’s your company’s policy? I used to have a “Fear of Fridays” too! Join me as I tell you about my experiences and how I improved. Learn about build pipelines, automated testing, continuous deployment and monitoring. Discover the details of trunk based development, feature toggles, pair programming and other best practices, and gain the confidence to deploy multiple times per day, any day of the week!

7

In this talk you will learn what PSR-6 and PSR-16 are, why they are designed like they are, what the differences are, and how to use them. From the provided interfaces, the virtual package on Packagist.org, to the implementations available. Everything will be explained for both beginners and more experienced developers. We will dive into implementations, cache stampede protection, all using libraries we can find on Packagist.org. We will also show how to start using it today in our current applications by using adapters. The entire talk will be accompanied with code samples and live demos, showing both working and failing caching systems.

At some point in our career, we have all written code that we considered good, but needed full code replacement later on, even though the functional change requested was very small. When this occurs, it is often an indication of lack of either understanding or correct application of the SOLID principles. Several years ago, I attended a talk on the principles, and it prompted me to try to be more aware of applying them to my code. From this I learned several lessons, the most important one being that almost no one takes the time to determine if they apply them at all, let alone correctly. It caused me to add an additional iteration to all my coding and code-review in which I actively ask the question: “Is it SOLID?” But simply knowing the SOLID principles is not enough; you need to understand the why and how as well, which are actually a lot harder. These are important as the principles themselves are somewhat open for interpretation, which complicates applying them significantly. In this talk, I won’t focus on each of the principles themselves, but I’ll use examples of breaking two of the lesser understood ones and the problems this causes to highlight the reason why SOLID development is so important.

4

Serverless applications have a number of benefits and JavaScript is the most common language to write serverless functions in. Why not PHP? In this talk, I will discuss how I implemented first class PHP support into the Apache OpenWhisk platform. I look at how OpenWhisk works, how the PHP supprt is implemented and then walk though an example PHP serverless Slack application. This talk was presented at the Uncon.

You're an introvert. You do your best work when you can think a problem through alone in a quiet space. You express yourself better in writing or when you have a heads up before a meeting. But your company is cool! So your office resembles a sweatshop: large rows of desks squished into a concrete room with minimal sound deadening. And you company culture encourages team work! So anyone can call you or stop by your desk with immediate requests of varying levels of emergency. You're always being put on the spot, only later to think of who would be best qualified to answer the question, what a better solution might be, or where an inefficiency could be eliminated. In my talk, I’ll frame my learnings from "Quiet" by Susan Cain and "Introvert Power" by Laurie Helgoe with personal experiences about how to function effectively in offices unfriendly to introverts. I'll explore how American culture rewards those who speak the most over those who have something to say. Attendees will discover: - Whether they identify more as an introvert or an extrovert - What working styles and needs suit your personality - How to balance your needs with the needs of the team to get the best out of everyone

Apache Cassandra is one of the more popular choices for storing big data. Fault tolerance, scalability, and raw performance are the most often cited features of this NoSQL database. Companies like Apple and Netflix have deployed thousands of nodes. Aside from being an excellent database to store generic data, Cassandra is particularly well suited for storing time series data. What's more: employing Cassandra is not exclusive to large companies. Whether you're storing a couple of million records or want to insert a billion rows a day: everyone can benefit from using Cassandra! This talk is aimed at beginners who might have heard of Cassandra, but haven't started using it yet. It will cover all the basics of using Cassandra for time series. After an introduction of what Cassandra is and how it stores data, we'll dive right into relevant subjects like data modelling and running queries. I'll use easy to understand, real world examples to show you how it works in practice.

PHP has outgrown being a simple Apache module, being used on the command line not just for development tools but also in production. Long-running PHP processes may live for hours or days consuming messages from queues or background jobs to execute; this talk will guide you through several years of tweaks to make them reliable and performant. There are many things that can go wrong when leaving a PHP process around on your servers, but it is possible to solve the problems of crashing, memory leaks, interruptions, lost logs, or monitoring. The goal of having smooth operations has to be kept in mind - scaling your servers and traffic without scaling the people needed to look after them.

Documentation is much more than just commenting on code. It can be a lot more fun, too. Learn what types of diagrams are useful, when and how to use them, and how it all ties into the development process. Through real-world examples, I will teach you how to create meaningful, helpful documentation not only for posterity but also to guide you in your development efforts.

Backups are hard. Especially for heavily distributed systems. As we split our apps more and more into micro services, creating backups is no longer a single task nor in a single place. Instead, it involves data from different sources in different locations. Besides the backup process itself, I will talk about the challenge of connecting the dev and the ops and a way to use your backups in your daily routines. All to make sure your data is ready to be restored in case of a disaster scenario.

Uncon talk

Going viral hasn't always been considered good. Whether you're fighting the common cold, or trying to remove the ILOVEYOU computer worm from your corporate file server, two things are certain: your immune system is based on your gut health, and computers have really poor gut health. Stopping viruses is hard. The main reason for this is that viruses are really clever. They've evolved over time to escape detection. Each previously detected virus allows the next iteration of the virus to become more resillient. The second reason is that your computer's gut health has to fight every virus, whereas each virus just has to find one immunocompromised system to survive. Let's work out how viruses hide. How to they sneak past the checkpoints. How they attach themselves to your system. How they fight detection, and removal. We'll look at aspects such as self-replication, cryptographic obfuscation, and touch on methods of delivery and infection. Now that you're thinking like a virus writer, you can anticipate which areas of your applications need hardening. Just remember, we're doing it for good, not profit :) This presentation will feature live demos of writing PHP viruses, and infection of willing targets. The theories apply equally to many languages, so an understanding of PHP is not required.

4

What happens when your browser connects to a HTTPS secure site? We all know it has to do something with certificates, blue and green address bars and sometimes your browser will give warnings which we normally click away. But what actually happens under the hood? In this talk I will give a step-by-step explanation on the first few hundred milliseconds during a connection to HTTPS. We will talk about master secrets, shared secrets, cipher suites, x509 certificates and why secure does not (always) mean secure.

12

It's 2017 and times have changed – yet PHP is still most often associated with your average product catalog or blogging platform. In this talk you will learn that PHP's huge ecosystem has way more to offer and PHP is not inferior at all to its evil cousin Node.js. You will learn about the core concepts of async PHP and why you too should care about React PHP being a real thing. The talk has a strong focus on sparking the idea that PHP can be way faster and more versatile than you probably thought. Bring along an open mind and through lots of examples and demos learn why what sounds crazy at first might soon be a valuable addition in your toolbox.

We won't center our attention on PHP this time ! Nowadays, more and more PHP professional ignore how the network works. But PHP is in the middle of the network ! Abstracted down in the low level of our OS, the network can be responsible of many failures. This talk will quickly recall how the overall network (Internet) works, with OSI layers ; and will quickly converge on concrete case : TCP/IP How does TCP/IP works ? How does TCP dynamically measures network congestion and adapts itself to avoid it and share fairly the underlying pipe ? How does that impact your code in userland ? What is slow-start ? What is Reno ? What are those Linux tcp_*** settings for and those socket() options I can use ? How can I tune them ? Understanding the network helps a lot in debugging uncommon but especially troublesome scenarios. It also helps in understanding why and how a PHP script could fail due to network problem. We'll use tcpdump and WireShark GUI to debug network scenarios, and to find a guilty part : network , or app ?

3

User Story Mapping is a strategy where you form a team of customers, developers, and users around your project to discover the full details of your project. Your team diagrams the story of the business process and all of the events happening around it. Once you have completed discovery of these stories, your team uses strategies to view features alongside the problems they solve. It is a powerful approach that allows your team to prioritize features, based on everyone's needs and motivations. Instead of planning our project as a building that we must build with a strong foundation, we learn to plan as if it were a vehicle. This focus delivers the Most Valuable Features to the customer by answering the question, “What’s Your Skateboard?” In this talk, we will use some simple examples to diagram the process, discover the details of the project, and finally to identify the main objectives of the project. Through examples, we will discuss strategies for prioritizing features. Finally, we will talk about how to handle areas of risk in the story. You will quickly see how this strategy helps you to communicate more clearly with your customers, and how it can help you all evaluate priorities based on everyone's needs. Opening communication with your customer in this way, helps to reduce frustration with unmet expectations and confusion about project deliverables, as well as improves estimation. Participants in this talk will get an overview of the following: - Building the story map, and using the map to find out more about the project. - Grouping the stories based on objectives and problems solved - Prioritizing features that deliver the most value to your customers - Identifying risk in the story map and strategies to deal with it

2

Uncon talk

2

Uncon talk

As an experienced, developer, I am way too busy not to use an IDE with code completion, refactoring tools and step-debugging (and so much more). PhpStorm* is a fantastic IDE to help the skilled developer get stuff done quickly and correctly. Prepare yourself for a fast-paced look at 43 tips and tricks for PhpStorm, some that you may never even know existed. Note taking equipment is strongly advised -- how many do you already know? *Disclaimer - I work for JetBrains, makers of PhpStorm

Did you know that your web browser has a full suite of built-in JavaScript debugging tools? With the developer tools in Chrome, Firefox, and Safari, you can debug JavaScript on the fly with breakpoints, watch expressions, an interactive REPL with autocomplete, and much more. Learn how to troubleshoot bugs and memory leaks like a pro, armed with the same web browser you already use everyday - no extra plugins or downloads required.

From chatbots to your home thermostat, it seems like machine learning algorithms are everywhere nowadays. How about understanding how this works now? In this talk, you will learn about the basics of machine learning through various basic examples, without the need for a PhD or deep knowledge of assembly. At the end of this talk, you will know what the Naive Bayes classifiers, sentiment analysis and basic genetic algorithms are and how they work. You will also see how to create your own implementations in PHP.

9

"GraphQL represents a massive leap forward for API development." says GitHub. What can we do with it in PHP? It turns out to be not that hard. In this talk I will present how you can make this happen using PHP with Symfony backed by the current available libraries, while also taking some time to introduce you to the concept behind it and what could be the advantages for your project.

5

Microservices are one of the hot topics of the last years. When dealing with a large legacy application one might not think about them to refactor your current code. But can microservices save you from a world of pain when attempting to rebuild or improve your old application? This talk will cover the reason why one would or would not use microservices to tackle legacy in large applications, why refactoring often fails without and how to get started. I will talk about how it usually starts to go wrong and how it can go wrong anyway. But foremost i will try to give anyone who has worked on large, higly coupled, legacy applications another approach to refactoring and rebuilding.

Uncon talk

Uncon talk

8

Let’s have some fun while we entertain the idea that maybe - just maybe! - a microservice architecture would be a great fit for our (next) project. After all, we're almost past the microservices hype. It's time to prove that this can work! Starting from the premise that a microservice architecture is only viable if we focus not only on the speed of change, but also improve the safety of change, we can learn a lot from the early adopters who have already scouted large parts of the unknown territory before us. Tools and platforms are maturing pretty fast too, so it’s safe to assume that we are now (almost) past the peak of impediments. Let’s start enjoying those microservices!

Adopting new methods and technologies is always hard. And it's even harder to know if it's worth the effort. Behaviour-Driven Development promises to let you spend more time coding and less time pulling your hair out by increasing collaboration and thus trust between developers and business stake holders. Although with all the tools and process BDD seems to require, its implementation costs are often deemed to high. But BDD can work without any special tools or dramatic process changes. This talk gives you a hands-on introduction to Behaviour-Driven Development - aka Specification by Example - and shows you a light-weight or even guerrilla-like approach of making it work for you, in your project, with your tools.

9

Does your application or service use a database? When that application changes because of new business requirements, you may need to make changes to the database schema. These database migrations could lead to downtime and can be an obstacle to implementing continuous delivery/deployment. How can we deal with database migrations when we don’t want our end-users to experience downtime, and want to keep releasing? In this talk we’ll discuss non-destructive changes, rollbacks, large datasets, useful tools and a few strategies to migrate our data safely, with minimum disruption to production.

4

Progressive Web App provides a term to encompass what a modern web site can and should be. It builds on the foundations of web and enforces its best practices while allowing sites to adopt advanced features that previously required a native app. We will look at how to build a fast and secure web app while progressively layering in offline support, push notifications, and adding to the homescreen... and all beautifully standards-compliant.

3

Come and meet CouchDB, the NoSQL store with magical powers. CouchDB is intended to be very fault-tolerant; it has excellent abilities to reconcile two databases that have been offline from one another for some time even with conflicting changes. This session will discuss the best use-cases for CouchDB and show you how you can use CouchDB from your own applications, including some of the shiny new features in the 2.0 release. CouchDB uses MapReduce (written in JavaScript) for its views and offers some very powerful options for querying the data it stores. If you’re curious about alternative databases, especially for a large or growing application, then this session is for you.

Uncon talk

Don't worry, this is not about the goto keyword. In this presentation, I am showing you some of the inner workings of PHP. We are going to look at how different language keywords and constructs are handled internally. Basically, everything is converted to goto, but the how and why, is not as simple as it seems! This is a very in depth talk, mostly interesting to people that want to know how PHP works internally. Expect lots of wonkyness, a form of assembly, and trees.

5

You've done it, completed the project, on time and within the budget! Now the customer says we need to have this audited by a security firm. Uh oh... what will he find? What impact will the results have on our deadlines? In this talk we will examine what it takes to build security in with development and beat the pentester. We'll cover topics like Threat Modelling, Validation, Encoding and Defense in Depth with real world vulnerabilities and practical examples in an Agile context. And learn how to remediate those vulnerabilities by using best practices. You'll walk away with useful principles, practices and techniques to improve the security of your applications.

Many developers get lost in the hype of object oriented design. They miss out on how expressive and succinct their code could be if they tried functional programming. Take Monads, for instance. Many developers haven't even heard the name, much less are able to describe what Monads are and how they can be useful in every-day code. In this talk, we'll gain a clear and simple understanding of what Monads are, and how they can help us to refactor our code to be clear and concise.

Continuous Delivery (CD) allows for automated testing, immediate user feedback and reliable releases. However, for many companies, implementation of a complete CD pipeline remains an elusive goal, especially in environments dominated by PHP. Moreover, most existing CD solutions focus on a single pipeline, rather than allowing the development of several parallel features. This presentation details a ready-made solution tailored to the requirements of PHP development that we call nFlow. It uses familiar tools, including JIRA, Git, Jenkins, Docker and Kubernetes. nFlow advances beyond basic CD by offering integrated test environments, parallel feature development and deployment-on-demand. Integrated test environments bundle your constellation of applications into a single test environment, allowing you to test your new feature’s interaction with your complete application landscape. If you need to develop several features in parallel, nFlow creates unique branches and test environments for each new feature. Finally, once you complete your feature, nFlow automatically merges it with the master branch, and integrates these new changes with all parallel features still in development, and deploys it to production via Kubernetes. We offer steps easy enough for an aspiring devops to follow, should you wish to develop your own CD pipeline. We will show how this works in a live demo!

10

What do german tanks, your birthday and the speed of light have to do with our daily development work? It turns out, quite a lot! During this presentation, I will explain a series of mathematical theorems and paradoxes that we encounter every day during development, but we often fail to recognize. By using these theorems, we can create better code, find more secure and efficient solutions to our problems, and it even helps you out communicating with clients and project owners.

Uncon talk

Node.js can be a powerful platform used in the right situations, but it also has more footguns than PHP does for new developers. Asynchronous programming style, concurrency issues, error handling, the event loop, and no default timeouts for HTTP requests or network calls will give new developers more than their fair share of troubles and can cause issues that are difficult to debug and reproduce. This talk gives a brief introduction to node.js and the event loop model (don’t block the event loop!), and covers common pitfalls when using node.js with simple and practical solutions.

Zend thread Safety, also called ZTS, is a special way to build a thread safe PHP interpreter, usually used under Windows or Unixes requiring its help. We'll start by the beginning, recalling attendees what threads are, why we use them, and what we can do with them. Then, we'll remind ourselves on how the PHP engine works internally, before talking about how it isolates requests from threaded webserver. This talk is about internal technical details of how parallel computation have been achieved into the PHP language.

When Bruce Lee started his own martial art, he took all the best traits from the different flavours of Kung Fu and adapted it, to make his own unique version that suited him best. In this talk, I will draw parallels between software craftmanship and how Bruce Lee approached honing his skill. In the end, I will prove to you that Bruce Lee was, in fact, a software architect.

12

At any given time, 1 in 5 Americans are living with a mental illness, such as depression, bipolar disorder, generalized anxiety disorder, substance use disorder, burnout, or ADHD. Statistically, all of us working for an organization with 5 or more employees have at least one colleague who is affected. At the same time, the tech industry is often characterized by high stress, long hours, workplace pressure to be available by phone and e-mail after-hours or sometimes even while on vacation, social pressure to constantly network and attend conferences and make a name for yourself, and the precarious balance between trying to do good by contributing to open-source and maintaining some semblance of free time that doesn't involve coding. Given how this demanding environment increasingly blurs the line between our professional and personal lives, how can we ensure that the most vulnerable among us aren't being left behind? As a community, the single most damaging thing we can do is continue to treat mental health as a personal shortcoming that can't be talked about openly. We shouldn't think of it as "somebody else's problem"; the 4 in 5 of us who don't currently have mental health disorders must do our part to help end the stigma. This talk will begin with an overview of key statistics about mental illness, followed by the efforts of the non-profit organization Open Sourcing Mental Illness to gather more data about mental health in the tech industry, the ALGEE action plan taught by the Mental Health First Aid training course, and finally conclude with ideas and strategies for making our tech workplaces more accommodating and inclusive.

We've all read the news; we're being surveilled as a massive level. Governments are indiscriminately collecting data, and storing it for years. Even if we trust our governments, this creates a honey-pot of information that criminals would love to get their hands on. SSL certificates and encryption are important for data transport, and yet even some of the bigger companies don't get it right. Encryption is hard, and it's not end-user friendly, but the tide is changing. What if your business needs to work with the data? End-to-end encryption between users isn't an option. How can we increase security and privacy, when we need to see our users' data? The principle of datensparsamkeit, to store only what you absolutely need, is still subject to concern if there's a data breach. This talk discusses the options for end-to-end communications encryption in web applications, as well as ways of securely and anonymously handling and distributing sensitive information between users, without allowing the raw data to give anything away.

Uncon talk

7

Uncon talk

I'm the maintainer of a very popular open-source PHP package - PHPMailer. In December 2016, two critical remote code execution vulnerabilities were found in PHPMailer, affecting potentially tens of millions of sites. There's a lot that goes on behind a CVE number - I'd been involved in reporting some minor security issues in the past, but nothing of this magnitude, and never at the receiving end, so I found myself at the start of a steep learning curve and an emotional roller-coaster. This is the story.

6

No - not charts! Graphs are a data structure that are more than just the nodes and edges they contain: from mapping networks to representing arithmetic, from writing chat-bots to inferring relationships, applying graphs to a problem can quite often provide an elegant solution. In this light-hearted and accessible talk, I will cover the basics of graphs as well as go over a few simple but fun examples of this versatile concept.

Code quality is not just for christmas, it is a daily part of the job. So, what do you do when you're handed with a five feet long pole a million lines of code that must be vetted ? You call static analysis to the rescue. During one hour, we'll be reviewing totally unknown code code : no name, no usage, not a clue. We'll apply a wide range of tools, reaching for anything that helps us understand the code and form an opinion on it. Can we break this mystery and learn how everyone else is looking at our code ?

6

Splitting an application up into multiple independent services can be a good way to keep it scaling and ensure stability and developer productivity in larger, growing teams. But just splitting the codebase, creating APIs and deploying the code on some servers is not enough, somehow your services need to know where and how other services are accessible. Classical approaches like hardcoding everything in every service or having a central load-balancer can quickly lead to problems in terms of scalability and maintainability. In this talk I'll show how we at ResearchGate tackled this challenge. With the help of tools like Consul and haproxy we created a setup that allows us to quickly boot and shutdown services. This ensures that all servers are utilized optimally and load spikes can be reacted upon quickly and automatically.

3

Drupal8 modernization (new object-oriented base) and adoption of many Symfony components is a huge step in connecting these two amazing communities and amazing projects. Drupal8 is not powered by full-stack Symfony and there are still many differences between these two relatives, but still, Symfony developers should master it easily. This talk is for Symfony developers who don't have experience with Drupal8. It will guide you through routing, controllers, hooks, events, Drupal Console, DI and many other interesting elements that power Drupal8 under the hood. It will also show how to build custom modules Symfony way.

5

Imagine your website suddenly runs slow from one minute to the other. You have done no code updates, no server updates and you can not see any errors in the logs. The first thing you do is call your host to ask them what is going on. After some time and a lots of dead ends, you ask them for information about load, visits, and visitors. But you don't get them and you have no access to their data but you do to the apache logs. This talk is about how i was able to get the dat ai wanted using Docker and elk to see what IP addresses were hitting the servers harder than they should and all the other data i could acquire by downloading and importing the acces logs and some handy filters without having to create an elk stack of my own.

It seems to be almost a weekly occurrence that another company makes the news headlines for being hacked and in the process disclosing sensitive user data and company secrets. These security meltdowns can cause catastrophic effects to the company in lost user trust and huge costs putting things right. A nuclear power plant is considered one of the most dangerous things mankind has built, yet they very rarely go wrong. The systems engineering that goes into making nuclear power plants safe is a fascinating topic to study but on the surface it seems entirely irrelevant to PHP developers. In this talk I'm going to show you how this level of safety is achieved, what happens when it goes wrong and then see what lessons we, as PHP developers, can learn from it to help us secure our applications from meltdown.

4

The web is becoming more and more powerful everyday, especially with the launch of Progressive Web Apps. PWAs are experiences that combine the best of the web and the best of apps. You can now build web apps that run from your home screen, receive push notifications & work offline. We will start by introducing Progressive Web Apps by explaining what are the main concepts behind it (such as Web App Manifest & Service Worker). We will cover in depth how we can write service worker code to control the network and create resilient experiences. After introducing PWAs, we will explore relevant best practices. Last but not least, we will explore some modern Web APIs that will make building PWAs a much more robust experience.

7

PHP and Golang complement each other in a great way. In this presentation you will first learn how Golang is different from PHP, then we will look at its use-cases with some examples, and finally we explore some important best practices. After this presentation you will know when Golang could be a suitable tool for the job.

6

On the wall mounted TV in our office a dashboard is displayed. At a glance we can see what the current tasks for each member of our team are, which important events are coming up, which music is playing, if it will rain in the next 30 minutes, ... and much more. In this talk I'll explain how we leveraged both Laravel and Vue to build the dashboard. After demonstrating the dashboard itself we'll take a deep dive in the code. We'll take a look at the entire flow: the grid system, broadcast events, the Pusher service, some cool Vue mixins and much more. After this talk you'll be able to setup a dashboard using our code available at https://github.com/spatie/dashboard.spatie.be

8

What is functional programming? Pure functions, of course, but don't forget immutability, referential transparency, pointfree programming and tail recursion. *) people without a degree in Computer Science

Uncon talk

Is that a bug or a feature? It’s magic! Learn how to (mis-)use PHP hacks to build actual magic into the language, and how to get burnt by it! This talk teaches some of the language features that are in PHP and that nobody should use, unless they are looking for trouble.