PHP Yorkshire 2018
13 - 14 Apr 2018 at University of York

4

Developers still hesitate to include writing tests in their everyday routine. There are numerous excuses, myths and misconceptions around: “they slow us down”, “we’ll never achieve 100% code coverage, so why bother”, “takes too much time to learn testing, we’re better of writing business logic instead”. When we get to the topic of writing tests first, the debate becomes even more heated. In real world, where you get paid by code that ships, developer strive to write the most efficient tests possible. To cover mission critical code. To quickly decide whether writing a functional test or series of unit tests is the best approach. Let us learn together how to use phpunit and TDD in most efficient way possible, for extraordinary results. This workshop is for developers who start their projects by drawing model of the database first, developers who are overwhelmed by number of testing tools or don’t know where to start and developers who simply want to level up their game. This workshop is framework agnostic, using what is available via composer/packagist. Main tool that is going to be used is phpunit, but knowledge can easily be translated to others (phpspec, codeception...).

This workshop introduces using Laravel’s opinionated rapid development concepts to create a real, working website. You’ll use the Blade templating engine, database access through Eloquent, command line using Artisan and acceptance testing using Dusk. Attendees will leave the session knowing how to quickly and easily create a simple, secure web application using Laravel.

I have been delivering pentesting courses to undergraduate and postgraduate students for several years, and have worked closely with professional pentesters and pentest brokers. The majority of students I teach will go into the CyberSecurity industry, obtaining employment as professionals within the sector for a wide range of well known (and not so well known) businesses and organisations. This workshop is a necessarily short introduction to the work of a pentester. We will consider the legal requirements, the learning environments, the tools used, and then we will explore the basics of an actual pentest. We will reference the OWASP Top 10, but we will also look at the contents of a scoping document, and how to structure a pentest by selecting relevant ideas from a range of pentesting methodologies.

4

This prototype works, but it’s not pretty, and now it’s in production. That legacy application really needs some TLC. Where do we start? When creating long lived applications, it’s imperative to focus on good practices. The solution is to improve the whole development life cycle; from planning, better coding and testing, to automation, peer review and more. In this tutorial, we’ll take a deep dive into each of these areas, looking at how we can make positive, actionable change in our workflow.

4

Think about "PHP" for a few seconds… What came to mind? It’s very likely you thought about your average product catalog, a blogging platform or how the platform is inferior to things like Node.js. But wait, it’s 2018! What if I told you PHP’s huge ecosystem has way more to offer and PHP is not inferior at all to its evil cousin Node.js? In this hands-on tutorial you will learn about the core concepts of async PHP and why you too should care about ReactPHP being a real thing. The workshop has a strong focus on sparking the idea that PHP can be way faster and more versatile than you probably thought. Bring along an open mind and through lots of interesting examples and live demos learn why what sounds crazy at first might soon be a valuable addition in your toolbox. You’re already familiar with PHP and want to learn what ReactPHP is all about? Then this tutorial is for you! We will start from scratch and build a demo application that pushes data from your command line in real-time to your browser. Several scenarios are prepared, but ideally you bring in your own ideas: Let’s build an interactive chat bot, an interactive CLI tool or even an actual desktop GUI, it’s up to you! The tutorial assumes people are familiar with PHP, have PHP and their favorite IDE already setup, but does not require people to be familiar with ReactPHP.

Programmers come in all kinds and sizes. But we’ve found that there is one major distinction that keeps us from working together: attitude. Optimistic programmers tend to come up with solutions quickly, while not always respecting the problem. Pessimistic programmers tend to come up with questions quickly, while not always respecting simpler solutions. Working together can be difficult. But by explicitly diverging and converging we can find respect for each other and what we have to bring to the table. By working together we find better solutions than we could working alone. We will group up in teams of four or five, in so called mobs, and work on a case study in pomodoro’s. We will first diverge, to give the optimists their moment in the spotlight, where they can create tempo and get some things done. Then we will converge and give the pessimists the power, where they can refine and get things done well. If you’re not sure what your attitude is, then we will help you discover it. We will be helping MeetInc. Their current implementation of what a meetup is, is sorely lacking. And the business has come with new rules. We will use this opportunity to make the code reflect the domain of meetups better. Your exact mission, should you choose to accept it, will be presented to you on GitHub shortly. And fear not, you are not alone. Your team is there with you, as are the business experts, who can answers all of your questions. Topics include Refactoring anemic models to useful domain concepts, Divergence and convergence, Timeboxing Other Info: At Procurios, we do this workshop with new employees. We focus explicitly on divergence and convergence and discover what kind of programmers the participants are. Through mob programming both optimistic and pessimistic programmers discover the value of their counterparts. Working together with a common goal all participants learn to gradually apply simple, small-step refactorings and make their code better reflect the domain. Participants require a laptop, at least one per mob. We will provide a starting framework in at least PHP. What value do we bring to the participants? A basic understanding and hands-on experience with refactoring from anemic orm-entity-like models to valuable, insightful, engaging models A short but explicit experience with forced divergence (let everyone share their ideas) and convergence (pick an idea and go with it). The insight that, through refactoring, rules and logic trickle down to the simplest objects We will start out with a short introduction, help everyone form teams of four quickly, and then go on to work for a couple of sessions. The first session will promote divergence. Participants in the mob are not allowed to interrupt the driver, but have to write their insights down or discuss them very quietly. The second session will promote convergence, where the team actively interacts and the driver is more of a voice-controlled keyboard. If there is time, the third session will allow each team some time to present their solution and struggles and experience.

Soft skills are getting more and more important on the workfloor. Developers however forget to practice these a lot and often do not even know how to practice these. With this workshop we will go over some exercises and drills each of us can do to improve our soft skills. Not only theoretically but also in practice. Active participation required! No laptop will be needed and there will be no development. Instead, we're going to focus on soft skills that matter most to developers. Teamwork, communication exercises and problem-solving quizzes will be the main focus. We hope to help stimulate developers to focus on the soft skills more and more and become better at what they do in their zone, programming.

Arrive, register and collect your delegate bag. Welcome tea and coffee will be served

All the important information for the day

What do Homestead, PHPSpec, Behat, Codeception and Drush have in common? They are all CLI applications written in PHP. In this talk Tim will look at how you can harness PHP in building CLI based applications, using a simple old school text adventure game as his main example. The talk will cover building command line interfaces, looking at options for threading and managing process as well as building and distributing applications as Phar files. Building for the command line especially on multiple platforms brings some interesting challenges and potential pain points and so this talk is very much a wish I knew this before I started talk.

20

We’ve been happy relying on MySQL for years, but have you ever wondered what other options are out there? This session will give you a tour of your options and some advice on when you might want to pick an alternative (and when you might not!). We’ll start with PostgreSQL, a very familiar paradigm but with some very valuable features not available in MySQL. We’ll take a look at Redis, and cover when a key-value store makes a valuable addition to an application. We’ll also visit CouchDB and discuss what NoSQL is, why CouchDB is excellent, and where it could fit into your stack. This session is intended for developers with MySQL experience who are looking to scale up their applications beyond just-another-website and are up for taking on some new technology to become even more awesome than they are already.

10

Have you ever heard terms like automata theory, Turing machines and finite state machines? While they might sound too abstract or even out of place for web development, rest assured, they can be quite useful in your web applications. We will quickly cover some basics and then dive right into most popular PHP state machine libraries. After the talk, you will know benefits of using state machines and, most importantly, how and when to implement them.

In our volatile and uncertain political times, developers can play a crucial role in protecting the safety and privacy of those who use the things we build. Whether you enjoy the support of an employer or work on your own as a freelancer, an informed regard for data protection must become a part of your development workflow. This talk will provide a practical toolkit which draws on current and upcoming data protection regulation (including GDPR), development frameworks, and recognised best practices in protecting personal data to inspire attendees to integrate a healthy approach to privacy into everything they do. Those who attend the talk will learn how to: Think proactively about developing for privacy and user protection; Adopt protective workflows and business practices; Understand that privacy and user protection are everyone's responsibility; Feel empowered to challenge things which may put people at risk.

The most common question or comment from PHP developers is: “When will WordPress increase their minimum PHP version?” In this talk Jenny will be sharing the work that has been happening to do just that. She will talk about the work being done with hosting providers, about plugin support, project Serve Happy and what still needs to happen before WordPress drops PHP 5.2 support. Come along to this talk if you want to find out what’s on the cards for this aging question and how you can help.

16

You might have heard of Domain Driven Design. You may have heard DDD is a tool to write readable and change-ready code. You may have even heard DDD comes with a lot of talking, and modelling, and customers... Starting with DDD sounds big, and scary, doesn't it? But getting started is not scary! Come find out what DDD can do for your code, tomorrow. We'll use value objects, entities and services to bring order to our mind and code. We'll see how naming things can guide us, but also trick us. We'll rework a piece of code together and improve what it means. And tomorrow you can tell your peers that, technically, you're doing DDD.

Why don't all websites work at the speed of light? In this talk, we will take a website and investigate it. Why is it slow? What is a slow website in the first place? Then we will run through steps we can take on how to improve the site speed and responsiveness, from infrastructure to code optimizations that are easy to perform and improve dramatically the website.

7

Mental health issues are something that affects a staggeringly high number of people in the software community yet are a topic rarely spoken about due to the stigmas associated with them. In this talk we will hear some of the things to look out for in others as well as in themselves, and how it could be affecting them and those around them. Mark draws on his personal experiences of imposter syndrome, depression and anxiety to highlight how these have had a profound impact on his development career. Mark will also be highlighting some of the amazing resources available through Open Sourcing Mental Illness (OSMI) and showing how they can help with your own mental health as well as making your workplace somewhere that nurtures and supports mental wellness. Finally, we'll also be equipped with some resources on where you can go to get help should you be suffering from mental health issues yourself.

6

By becoming a remote developer you can broaden your horizons, work on something more interesting to you. You as company, by going remote can find better developers, ppl more interested in what you are doing. But remote is hard. I will speak from my past experience and show you how I'we solved some of the issues. I'we been a remote developer (part of a team, not freelancer/contractor) for almost 2 years now and I'm loving it but the road was bumpy. Missing office gossip and relevant information, working from home or office, less direct contact with fellow team mates, not able to grab a lunch or drinks together team spirit is something that needs to be nurtured in other ways.

7

Is your code secure? Do you know what are the practices in secure code review? In this talk you will see the important aspects of the various controls to build a reference when conducting secure code reviews. The talk is composed by 2 parts: an overview of secure code review, the advantages can bring and how to integrate secure review techniques into development organizations S-SDLC. The second part is dedicated on the Top 10 web app vulnerabilities what’s their impact on a PHP application and what you should review to make your code more secure.

9

Code standards develop over time, and old code bases often suffer with older standards as there is no easy way to migrate towards the new standards leaving them in an all or nothing state. The tools available (phpcs, phpmd phpunit, phpmnd etc) all work on the whole code base and while some offer auto fixers for the code, larger (and older) code bases have too many issues which can not be auto fixed. Coverage Checker allows these tools to work alongside the tools mentioned above to ensure that all new code checked in conforms to these standards optionally also allowing a percentage of new code which must conform in order to ease the transition for example 80% of the new code must be covered by tests. New tools such as phan and phpstan are also very noisy which means you need to have a high level of quality before starting to use them, This tool allows an easy way to start benefiting from these tools! This is really easy to set up and all code bases can benefit. This also works for tools in other languages such as pylint, jacoco and more

Behat is widely used as part of a Behaviour Driven Development lifecycle, but it's also widely misused. In this talk Ciaran will explain what BDD and Behat involve, and show the best practices including writing good scenarios, driving service development from scenarios, and techniques for fast UI testing.

Whenever we do anything new, we make discoveries. Sometimes those discoveries speed us up, but more often than not they slow us down. The more innovative we are, the more we discover, the higher the risk and uncertainty - so how can we lead, manage and work in a way which embraces that uncertainty and lets us make discoveries early and safely? In this talk, Liz introduces the latest, "liminal" version of the Cynefin framework to help make sense of different types of situations and how to approach them: the obvious ones, the complicated ones which require expertise, the complex ones in which outcomes emerge, and the chaotic ones that we're usually trying to avoid. Find out how the simple concepts can help us counter our innate human desire for predictability, enabling change and innovation; not just in software development, but in every aspect of our lives.

A quick round off for the day including some prizes

We will host a small after party at the venue which you are welcome to join us for