PHP North West 2017
29 Sep - 1 Oct 2017 at Manchester Conference Centre

2

Test driven development (TDD) is still a subject all developers agree upon it's a great thing, but never get around to actually do it for many reasons. In this workshop I use real world business requirements on legacy code for which we need to fix bugs and add features, but we're doing it in a TDD way. No matter if you're already a testing veteran or a junior developer just started working yesterday, this workshop will give you the skills and passion to continue your career as a Test Driven Developer. Upgraded to PHPUnit 6 and PHP 7!

In this session, we'll explore how to write console applications on the command line. We'll start with what writing a command line application involves, then move into using plain PHP to write our first application. Then we'll learn about what other options and possibilities are available and move into using some of the libraries that can help us build more interactive and robust console applications in PHP.

Hey you, it's 2017, you shouldn't configure servers manually anymore. Whether you only manage one or two servers as a hobby or have a fleet of cloud instances, you need to consider to declare your infrastructure as code. Even as a developer. In this workshop you learn how to use Terraform and Ansible in your daily job as a developer and advance to the DevOps world. With both tools together you're able to quickly create new machines at many clouds, provision them efficiently and last but not least add your new machines to a diverse set of different SaaS services.

PHP was never designed for long running processes and this causes problems for the modern world of programming where developers want to consume streams of data in realtime. HTTP/2 solves some problems with Server-Sent Events but it still does not solve the problem of efficient bidirectional communication. In this tutorial you will learn about Event-Driven Programming and how to create the foundations of a WebSocket application with React. Then we will move onto more advanced concepts such as removing blocking code with AMQP leading to the creation of a scalable and distributed WebSocket architecture built with PHP and associated technologies.

One of the challenges we face on a day-to-day basis is getting the right and correct information from our product owners or clients. This can be both frustrating and decremental to the velocity of your team. No one likes to work on features that when delivered someone says "well... that wasn't exactly what I had in mind" But now we have Stickies! So many stickies! It's a whirlpool of stickies, what is this madness? In this interactive workshop, we will explore all the facets of Event Storming as a modelling technique to get a clear and precise mental model of how a feature is supposed to work, all using the power of stickies! As we go through the user story, we'll explain the different types of stickies, why they matter, and show why EventStorming is such an effective format.

2

So you'd heard of the PHP Codesniffer and thought you'd give it a try. You set it up & ran it over one of your projects and it tells you there are over 6000 things wrong with your code... Darn... that sounds like work. Let's leave it for another day.... Or not. In this workshop I'll help you to properly get started with PHPCS. Everyone can bring their own project to work on. We'll look at the different rulesets available, select the one(s) which will work best for your project. Next, we'll look at customizing the ruleset to best suit your project & team's needs and we'll start auto-fixing issues. If all goes well, those 6000 things "wrong" will be down to zilch by the end of the workshop & you've got a pull request ready to prove it!

Have you ever found yourself in a situation where you were either constantly updating simple SQL queries as your app evolved or crushed under the maintenance of your own ORM ? In this workshop we are going to build a small application to become familiar with the ORM and database abstraction component of Doctrine. In the end you will be able to take full advantage of Doctrine and navigate around its limitations to build your application.

In this tutorial we will use Behat to perform end-to-end (E2E) tests. This is not a tutorial on BDD. However we will use some of the BDD principles to create our tests to test a PHP application. By the end of this tutorial you will know how to setup Behat for a new project, configure it for your project and use it with and without selenium to run client-side tests.

Hackathon

PHP has been around since the beginning of the Web. It has shaped and influenced many of the sites and web technologies we use every day. The SQL LIMIT clause came out of the PHP project, for example. Now, getting close to its 25th birthday, can it still make an impact?

6

Passwords are bad. We all know it, but we also know you're not going to build a service that doesn't use them - not if you like paying the rent. However, we can do a lot better. We'll take a whirlwind tour through the aspects of connecting people to your service, from generating passwords, not using passwords at all, creating users with one tap, identity providers, automatic cross-device sign-in, and password managers. Sign-in should be simple.

In this presentation we will look at storing complex data in a single field. Many noSQL solutions are created around this (such as Redis' lists, sets and hashes; MongoDB's and CouchDB's records), and many relational database now also support storing complex data in a single field through specific data types (such as PostGreSQL's JSONB or hstore, MySQL's JSON). Each of the different database engines support different things, and handle these data types in different ways. In this session we compare the different approaches to storage, indexing and interactions with these data types in different databases.

6

We have a ton of options for provisioning machines once we have an SSH connection available, but how do we get those machines in the first place? Meet Terraform from Hashicorp, your infrastructure automation engine. Providing a declarative interface for your infrastructure, you can define what you need and let Terraform take care of the rest. In this talk, we'll take a look at what Terraform can do for you, walking through your first Terraform configuration all the way to writing your own modules to encapsulate your infrastructure across multiple deployments.

1

Unconference Talk by Mike Lehan (@M1ke) Moving to AWS can be a big shift in how you work, but you don't have to relearn everything. This talk details how to get back the tools you know and love whilst still gaining the benefits of AWS for your system's scalability & stability.

Unconference talk by Chris Goosey (@daflyingoose)

Hadoop is a big data technology suite from the Apache Foundation that provides a range of tools for storing, interacting with and manipulating large data sets, or to help solve big data problems which might relate to the structure of the data just as much as the size of it. With many companies approaching points where they need to be able to handle large amounts of data, either right now or looking forward in order to scale, Hadoop is one of the core technologies that can help aid you there. In this talk I'll provide an outline of HDFS, Hive and Spark, three of the core Hadoop tools, and how you can use them; the differences between Hadoop and other technologies such as Elasticsearch; about Presto, a distributed SQL query engine that will allow you to query your big data clusters (HDFS, MySQL, PostgreSQL or Cassandra alike) with simple SQL queries. And finally, I'll talk about how you can utilise these resources from within your PHP application, allowing your platform to interact with your huge volumes of data without having to copy your business logic into another language.

It seems to be almost a weekly occurrence that another company makes the news headlines for being hacked and in the process disclosing sensitive user data and company secrets. These security meltdowns can cause catastrophic effects to the company in lost user trust and huge costs putting things right. A nuclear power plant is considered one of the most dangerous things mankind has built, yet they very rarely go wrong. The systems engineering that goes into making nuclear power plants safe is a fascinating topic to study but on the surface it seems entirely irrelevant to PHP developers. In this talk I'm going to show you how this level of safety is achieved, what happens when it goes wrong and then see what lessons we, as PHP developers, can learn from it to help us secure our applications from meltdown.

Where is the truth in sentences like "ORMs are slow" or "SQL is insecure" ? We will walk through the reasons that shaped ORM architecture, their potential and limitations. After this talk you will be in a better position to choose the best fit for you and your next application.

1

Unconference talk by Akihito Koriyama (@koriym) BEAR.Sunday in #phpnw13 A resource orientated framework using the DI /AOP/REST Triangle http://conference.phpnw.org.uk/phpnw13/schedule/akihito-koriyama-richard-mcintyre/ BEAR.Sunday official site http://bearsunday.github.io/

Unconference Talk by Mark Baker (@Mark_Baker)

4

Not all projects are created equal. Next to those awesome projects where everything is perfect, including the end product you deliver to the client, there's also the projects you hate and wished you'd never taken on. During this talk, I'll tell you about some of the projects I've been on that were all but perfect and how I handled them, or should've handled them.

Half of all exploitations take place between 10 and 100 days after a vulnerability is published in a library. Attacks come fast, exploits are automated. In this world, timely updating third-party software components is of vital importance. Incorrect implementation of these libraries makes it difficult to update and maintain them, increasing the risk of being breached via vulnerable components. This is the current state of the software where large number of software applications have vulnerable components. Starting from real-world examples, Katy Anton with explore the software design patterns to use when including third party components and will discuss how these patterns can reduce the attack surface and improve the overall security of the software. Developers and architects alike will benefit from case studies outlining how this approach improves security in the world.

9

Over the last few years I mostly worked with legacy PHP applications and one thing that comes up in each project is performance. Unfortunately more often than not discussion around performance issues are purely hypothetical or around micro-optimizations or the collected data is misinterpreted. In my talk I want to lay out how to effectively anticipate, identify and mitigate performance issues in a common PHP application. I want to discuss how to approach performance optimizations including micro-optimizations, some tools available to a developer for investigating and monitoring performance issues as well as some ways to improve performance, including a quick introduction to both application and HTTP-caching.

4

Unconference talk by Renato Mefi (@renatomefi)

Unconference talk by Holger Woltensdorf (@hollodotme)

In this session we will look at low-level (Linux) system debugging tools to find out what is going on (or wrong!) with your PHP environment, although the techniques are also valid for other programs besides PHP. We will cover debugging crashes with gdb, checking out memory leaks with valgrind, and many other tools to find out what is going wrong, and hopefully, figure out why. This session teaches tools to help out with tracking down bugs, and provides information on how to get better at debugging connection issues, crashes, files not being written, etc. The session is also valuable for people who want to help out with providing good bug reports for Open Source projects.

Security is often the after thought, something you do when the tests are passing, or worse handled by that other team. It's often complex and time consuming to test and fix all the issues that come from such audits. The reality is security can and should be at the heart of development, not something done at the end of the project but as an integral part of everyones workflow. This talk looks at how security practices can be introduced to Dev and Op workflows, how automation is key component in such integrations. Using both tools from InfoSec toolbox and tooling that already exists within already existing dev workflows to implement security testing at the application and code level. Security is everyones responsibility and should never be an after thought or someone else issue, nor should it prevent an efficient workflow.

12

Being a developer, programmer, analyst, tester, designer, etc ? is hard. We work in an industry that champions the 12+ hour work day; continued learning and open source contributions, but not on the company?s dollar. We?re continually berated with the idea of the 10x developer and so we must work harder, read more blogs, write more code and buy more books ? but when will it ever end? Will technology ever stand still long enough to let us all catch up? No. You?ll always be busy, busy playing catch up in a race you didn?t sign up for. Fortunately, there?s another way. Instead of being busy, I can help you be more productive. I will walk you through some of the tools and techniques that I use on a daily basis to, not only, maintain and upgrade my skills in the world of ever changing technology, but, and more importantly, to protect my sanity, be more present and remove stress and fear from my life.

0

Unconference talk by Juliette Reinders Folmer (@jrf_nl) If you're looking at the WordPress core code, you wouldn't easily believe that WordPress actually has clear and consistent coding standards. While the standards are in the Core developers handbook, most of the WordPress code base does not comply and patches to fix this were not being accepted. Until now. So let me tell you a little story about how we created the biggest patch to go into WordPress core ever. ...

Unconference talk by Dave Liddament (@DaveLiddament)

6

Separating data from functionality is one of the tricks to speedier applications, since it allows accessing the right content at the right time. Partitioning data cleverly presents several challenges that we've overcome for several projects, and it requires a combination of architecture, DevOps, development and testing skills that is pretty unique. Unless you have such a swiss-army-knife in your team (and are not afraid of the bus factor), you'd rather want to come listen to how we do it.

11

On May 25, 2018 all companies collecting and processing data of people from within the European Union must comply to the General Data Protection Regulation or GDPR. In this talk we'll cover what the GDPR is and how it will impact businesses within the EU and abroad, what can be done to comply to this regulation and how to proceed further. This talk will not provide you legal answers, but will give you technology solutions that will make your applications compliant to these regulations. Even if you're not processing data from the EU, these solutions will offer you better protection to the data you currently keep and will ensure that in the case of a breach, the impact will be minimum.

3

In this session let me introduce you to Disco, a container-interop compatible, annotation-based Dependency Injection container. Disco does not use an external configuration file but uses a standard PHP class with some meta data attached to configure your services. I will guide you through the journey of setting up Disco for a new project as well as highlighting its main features. Join me for a fun little ride to "DI done right" land!

Unconference talk by Tom Williamson (@skepticcanary)

1

Unconference talk by Scott Dutton (@exusssum)

Saturday Social

1

You?ve built your website, and now you just need to deploy it. There are various ways that this could be done - from (S)FTP, to SCP and rsync, to running commands like git pull and composer install directly on the server which is not ideal. My favourite deployment tool of late is Fabric - a Python based command line tool for running commands locally as well as on remote servers. It?s language and framework agnostic, and flexible so you define the steps and workflow that you need - from a basic few-step deployment to a full Capistrano style zero-downtime deployment. This talk will cover some introduction to Fabric and how to write your own fabfiles, to then covering some examples and demos of different use case deployments for your application.

This talk aims to be a fun, somewhat opinionated insight into the way that I've found success with testing. I'll share some of my most frequently used tips and tricks which have helped me to improve how I tackle writing automated tests. From tweaking your workflow, to the way that you actually execute your tests. I'll share real-life insights into my own daily workflow, and provide examples of how these tips have helped me to write better tests, stay focused, improve stakeholder communication, save time, and write less - but significantly better code. Whether you're new to testing, or have Uncle Bob on speed dial - you'll learn something new from my 12 tips.

8

Chatbots are rapidly gaining in popularity; changing the way in which users engage with organisations online. I'm going to talk about how you would get started writing a bot in PHP using Botman, and how to harness the power of artificial intelligence and natural language processing.

The next generation of developers are looking for learning resources, Universities are not able to provide the platform required to everyone, it comes at a high cost... Current free resources are lacking behind with new improvements in the language. Here's how we're filling that requirement. PHP School, a completely Open Source learning platform for "students" to push themselves, at their own pace, not driven by deadlines but topics of interest. Teach the skills that are required, show off your project with a tutorial workshop! The possibilities are endless, let's help shape the next generation.

When faced with a challenging legacy code base, tightly coupled and void of discernible structure: a big ball of mud, it is common to decide to refactor this monolith to a microservice architecture to separate concerns and split the codebase up, however without any clear boundaries you are in danger of creating a distributed big ball of mud. You may recognise the symptoms of a distributed ball of mud: a large unfocused 'common' library shared between multiple services; performance issues as your front end makes calls to multiple back end API's to serve a single request; dependency hell on deployments as you have to release multiple code bases simultaneously and uptime issues as a single microservice going down brings down your entire application. In this talk I'm going to cover some of the common pitfalls you might encounter when building a microservice architecture and show you how to use an event driven architecture to build truly scalable microservices.

10

Machine Learning (ML) isn’t Skynet, but it is a type of Artificial Intelligence. It’s certainly more easily accessible than ever - and could add great value to your software. We’ll cover the basic principles of the Machine Learning process: DATA > LEARNING > PREDICTION There are easily accessible, pre-trained machine learning REST APIs for image, text, video and voice analysis. These can be a real short-cut to taking advantage of ML quickly in your applications. We’ll look at some of these APIs and their application in real-world software. When your problem is harder, more niche or needs some customisation, you’ll need to “train your own model”. We’ll discuss the importance of data in Machine learning - the starting point for any new model. There are some great open-source tools (in PHP as well as the popular TensorFlow in Python) for building and training your own models - and with scalable, low-cost cloud servers you can train new models quickly in the cloud.

We all know those conference talks that bleat on about doing the right thing at the right time. This talk aims to reveal some of the anti-best practices to illustrate how some installations of MySQL are doomed from day 0. From infrastructure choice to queries and everything in between deserves special attention if you really want to fail fast.

5

Imagine you have to do a simple REST API including 3 endpoints, but in one day, is it ok? Such a small question but with many things into it, it's a cognitive trap, you are evaluating how much you can achieve in a day, your experience with APIs, the tools, the risks and much more things. Your brain has to work a lot to give certain answers, many times without considering all factors. This talk introduces you to the cognitive biases world, exemplified by a developer's life, creating awareness you could be able to avoid many issues in your career!

Jenkins has been one of the most popular continuous integration systems out there for many years. It was perfectly functional, but the UI wasn't the friendliest in the world and configuring jobs through a UI or XML files was just painful. In late 2016, Jenkins finally made it to version 2.0 which brought a huge number of improvements. From the new Blue Ocean UI to being able to define build configurations in your repo, it's a massive step up from version 1. In this talk, we'll go from an empty machine to a Jenkins install that automatically detects repos, branches and pull requests and builds them according to the Jenkinsfile in each branch. We'll be running tests, linting and packaging applications in parallel where possible, and even running things on Linux, Windows and MacOS all at the same time!

16

The talk is centred around the idea of community. PHP has one of the best communities we know. Its people are passionate, enthusiastic, loyal, and smart. But, there is a problem. We somehow feel, whether we like to admit it or not, that for our community, our language, to be great, it must be at the cost of another community or another language. Perhaps a framework we don?t like so much, or another language that thinks is better than ours. We make little remarks, or take cheap shots at the ?competition?. But it doesn't have to be that way. When I started coding all those years ago I had no idea there would be hoards of other developers waiting to share ideas and pass on the knowledge - all for the love of code. Which is the real reason we?re all here. We all love code. The talk will revolve around the idea that all software-based communities have so much in common. That we all have a common purpose - to share and promote the thing we love. But we can promote our community without detracting from others. Using the philosophy of "Think Win-Win" from The 7 Habits of Highly Effective People, I will discuss how shift in attitude can means we can all promote our beloved language and promote others too, and still win.