phpday 2019
10 - 11 May 2019 at Hotel San Marco

Congratulations! By attending phpDay, you are now a full-fledged member of the PHP community. Your attendee badge is your membership card, proving your acceptance into this global society. My goal is to make that seem exciting instead of intimidating, especially if this is your first PHP conference (or perhaps even your first tech conference altogether!). But even if you’ve attended phpDay before, there is probably more you can get out of the conference and give back to the community. The theme of this talk is leveling up: approaching membership in the PHP community to a degree that’s appropriate for you based on your prior involvement. If this is your first conference, you’ll learn how to get the most out of it, including navigating the talk schedule, the official and unofficial after-hours events, and how to keep in touch with the people you meet afterwards. If you’ve been here before and/or are already a regular attendee at your local meetup, I’ll go over how to deepen your involvement, including how best to support your user group, take a more active role in the conference scene, and start making tiny but meaningful contributions to the open source ecosystem. Finally, for the longtime members looking to make a lasting impact in the community, I’ll go over the highest tier of community contributions, which includes running a user group, technical blogging, contributing to open source, and speaking at meetups and conferences — and why the latter isn’t nearly as scary as you might think, even if you’re a shy introvert like me!

Over the past decade, we’ve seen frameworks bloom, die, be replaced and re-born. We’ve seen good practices, anti-patterns and generally styles of coding come and go. What’s the takeaway from the last decade of framework development? Where are we going? What should we explore next? We’ll look at a brief history of frameworks, at which practices emerged from the various communities, and which of them survived and evolved, as well as recommendations to keep pushing forward.

Laravel Dusk provides an expressive, easy-to-use browser automation and testing API. Dusk makes it possible to run your Browser tests without any installation of drivers on your machine since it uses the standalone ChromeDriver. This talk will learn you the ins and outs of browser testing. We will use Laravel Dusk to test an application that is build with a VueJS frontend and Laravel backend.

In this workshop, we will show how to design and build microservices in PHP. We will use Expressive, an open source framework based on PSR-7 and PSR-15 standards, to build the services and Swoole, a PECL extension for async programming in PHP. We will demonstrate how to build web APIs in PHP using a middleware approach and how to execute microservices using Swoole, without the usage of a web server like Apache or Nginx. Moreover, we will show how to monitoring the microservices using the ELK stack (Elasticsearch, Logstash, and Kibana).

5

Manually adding data to our development environment is tedious and boring, not being sure on what changes will be applied to production database after deployment can be dangerous. To battle this issues, developers decided to load gigabytes of production data on their machines or run queries manually before or after deployment. In the world of crazy fast changes, working with more and more team mates and on more complex projects, automation and reliabilty are becoming a must have. Fixtures will give you opportunity to have small yet relevant data set so you dont have to import production data or enter testing data into the system your self, every time system changes. By using migrations we can easily transfer database changes amongst the team and get the confidence on the changes that will be applied to staging/production. In my case, both concepts helped communicate changes better and allowed us to modify the system with more confidence and at a faster pace. While some popular frameworks and ORM’s don’t ship with fixtures or migrations support by default, there are great extensions to provide this. I will showcase ones for Symfony and Doctrine but talk is more about their concepts and not the implementations.

4

A live demonstration on how to get up and running from an empty directory to a fully functional application, continuously deployed to a live Kubernetes cluster, with per-branch automatic releases and manual environment promotion. We’ll be giving a short primer on Kubernetes itself, which will be the base framework for our infrastructure, an introduction to Helm, which helps to manage K8S resource manifests and install third-party components, and show how to leverage the GitLab SaaS to implement a CI/CD pipeline.

This talk is for developers who want to know how to debug their code in a better way, through single step debugging, profiling, and simpler debugging tools. Xdebug is a PHP extension that implements many debugging aids and features. In this presentation we are going to look at this new version of Xdebug 3. The new version is a near total rewrite, and brings many improvements over its older releases. You will learn how to optimally use the new features and settings to make your development life easier. Besides introducing the redone functionality, we will also have a cursory look at how these features are implemented, just to provide a better understanding of what a debugging extension, can, and cannot do.

0

Can’t find that perfect plugin in the thousands that exist? Come to this session to see just how easy it is to create your own plugin and to get a brief look at the internal functions that WordPress makes available to the developer. We will actually create a simple plugin in this session while looking at the PHP code needed to make this happen. We will build a widget, and an admin sub-system to manage its data and extend that widget into a short-code example as well.

In this workshop we will take a look at common security failings from a new perspective: that of the hacker. You’ll be provided with a set of different sites each exhibiting a different security flaw, the challenge will be to find and exploit it and in doing so learn how to protect your own sites. All the sites will be run locally inside docker containers so don’t worry about breaking any laws! Obviously this means that you will need to bring a laptop which is capable of running docker containers in order to participate in this workshop.

1

We got the task to make an order API, from open order, to delivered, with payments in between and after. So there are naturally a lot of states, and a lot of transitions where we needed to calculate the prices correctly and handle credit card transfers. Keeping track of all of this, and when we need to do what, ensuring that an order is always up to date, and that it has the data it needs, and that we send good error messages when a user can not do an action, was a challenge for us until we discovered the workflow component. This is a real happy use case story where I will show you how we did this, and how much more straightforward it was for us to build an otherwise complex system using the workflow component.

“Houston we have a problem! This change you want… Well it’s one small change for the codebase but one giant change to the test suite!” We all know why tests are great. But every once in a while we just wish they’d never been written. One case when test regret occurs is when we want to alter our functionality slightly but in doing so half the test suite goes from green to red. This talk will investigate why this happens. In particular it looks at the coupling between tests and the code under test. We’ll investigate ways we can reduce this coupling and make out test suites more resilient to change. This talk is aimed at those who already write tests and have a good understanding of SOLID principles.

5

Profilers like Blackfire.io or Memprof give you the functions that use or free memory. But knowing what is inside the PHP memory allows to better understand the origins of memory leaks. The opensource PHP Meminfo extension gives you a synthetic view of the number of class instances in memory, the full list of objects and other structures, as well as the relations between them (class member, item in an array, etc…). Having access to these relationships information allows understanding why an item has not been removed from memory by following the references that are still pointing to it. This talk will start by explaining how the memory is managed in PHP (ref counter, cyclic reference garbage collector), as well as the effects of a memory leak on your application performances. Then we will analyze some memory leak case studies by using PHP Meminfo and how to fix them.

1

This talk will approach a theme that, for many of us, judge it unnecessary for our applications, but it has an extreme importance to accelerate the code review process, focusing only on business logic. Will be shown what are Coding Standards, how to implement a tool to automate this process and promote the debate that good practices in programming can become Coding Standard rules.

-

2

“It’s not personal” but it so is! Code reviews are still one of the biggest sources of conflict in a team and can delay value delivery by days if not weeks. I’d like to tell you why that is but more importantly hand you a method that will let you focus on what’s important: the work. We briefly touch on the psychological mechanics at work during PRs, look at statistics to fuel decisions around commenting and then combine those two perspectives to create a solid code review etiquette for your team so you can achieve truly async non-blocking code reviews.

Most developers are trying to introduce more quality, maintainability and extensibility in their code nowadays, but what tools/frameworks/principles can they use to achieve that? SOLID is one of the main principles list people follow, and looking at the O (Open Close Principle), some people get confused or have different interpretations. In this talk, Thomas is aiming to demonstrate with implementation example and theory what the Open Close principle actually means, and how and why you should use it in your own projects.

-

6

“The Mythical Man-Month” is one of the seminal books in the field of software project management. It was written in 1975, based on experience from the 1960s. Is it even still relevant? Turns out, it is. Technology may have changed dramatically but people have not. Managing software projects is about managing people, not bits, and creative people engaged in intellectual endeavors are notoriously hard to predict and manage. (Just ask my project manager.) Fortunately, many of the lessons-learned Brooks’ presents are still relevant today. Some are directly applicable (“adding people to a late project makes it later”) while others are valid with a little interpretation. Still others fly in the face of conventional wisdom. What can we learn from that? This session will present a modern overview of the ideas presented by Brooks and a look at what we can still learn from them even today.

Before the start of development comes the gathering of requirements. This daunting task with the seemingly endless discussions. Followed by the creation of epics, user stories or tickets which will change over and over again - even when development has already begun. We can do better than this: With Event Storming, an unlimited modeling space and all the key stakeholder in the same room. Let’s get started with efficient Domain-Driven Design!

4

Programmers naturally give more attention to a “happy path” - default scenario in application execution in which everything works as expected, therefore neglecting the opposite way things can go. Topics such as dealing with exceptional conditions, use of exceptions, error handling seem to have been insufficiently studied, and it is very difficult to find useful explanations and tutorials online. This talk is an in-depth study about practices for dealing with exceptional conditions that promote code that is clean, consistent and convenient to work with. Special attention is given to applicable best practices for managing exceptions in a proper way, including formatting exception messages using named constructors, component-level exception type, exception wrapping. To make the story complete, second part of the talk introduces a solution for establishing central error handling system that makes this critical aspect of the software stable, unambiguous and easy to maintain. At the very end, some attention is given to testing exceptions and ways for keeping test code consistent and readable.

In this tutorial we are going to dive deep into PHP’s Internals. It is appropriate for people that know PHP as a language well, but are interested into finding out what goes inside in-depth. We will start by looking at how the language parser and scanner work, which convert scripts into an Abstract Syntax Tree. When then look at how PHP internal byte code is generated from this AST, and how the engine runs byte code. After the introduction, we will working together on extending the PHP core with a new feature. As a treat, we’ll also have a look at the OPcache extension, and see which optimisations it does to generated byte code. Reasonable knowledge of C (or similar languages) is required to make the most of this tutorial.

Serverless and its “functions as a service” promise us cheap and scalable applications. What is it like in reality? And how to merge the mature PHP ecosystem with these new architectures and tools? Where do HTTP and CLI applications fit in all this? How about Laravel and Symfony? Let’s explore those questions and illustrate the answers with case studies and “Bref”, an open source solution for deploying PHP applications on AWS Lambda.

4

Many hard problems in programming originate from one single source: not properly distinguishing the representation of data from the way it is interpreted. Have you ever written code that filters $_GET for SQL injection attempts? Struggled with timezones? Tried to get escaping right for Javascript in HTML? Detected the character encoding of a string? All are examples of this one problem. In this talk we will look at some examples of the representation-interpretation problem and find the general pattern behind it. We will see how primitive types make it so hard for us to get this right, and how we can use value objects to steer us in the right direction. Once you notice the pattern, you’ll be able to reason about and solve these problems much more easily. Contains: math, character sets, strong opinions on string escaping, and an almost illegal slide.

3

Sick and tired of “X technology is only good for starting out; after you do, move to Y”? Good news - you don’t need to move away, you just need to get in further! In this talk, you’ll learn about improvements in the newest version of the most used database in the world. What are Window Functions? How do you use CTEs? How can the new default encoding help me and what should I look for when upgrading versions? Is MySQL just an OLAP database or there is more to it?

5

Microservices are hot. But what if you have legacy and implementing microservices is nearly impossible. Is this the end of the world? Does this mean you are doomed? No, you can have the best of both worlds. Our legacy Procurios monolith is 15 years old. Today, we find the costs of splitting that codebase into services too high. And to be completely honest; we benefit too much. With event sourcing, discipline and hard work we have both the benefits of services and of our big pile of clean code. So let me tell you how you can build independent, mutually unaware applications. On top of that, I’ll share some secret monolith benefits…

-

A long time ago, in a land far away, lived a software wizard that was capable of grand magic. They built gardens, libraries, temples, castles. They created life where there wasn’t, and cleared the path where it was unsafe. And then they disappeared, and even though they left behind books and notes, none of their apprentices were able to learn the craft. Since then, nobody was able to use any of the tools of the great mage, and the creations kept working for only a few years, when finally even the last stone that was placed crumbled into sand. Sounds familiar? Software often feels the same: we’re all magicians that force a piece of sand into semi-rational thought, but what will happen when everyone moves on, and nothing works as expected anymore? This talk explores the problems that arise from breaking compatibility with existing tools, how to prevent those breakages from happening, and what to look for as a software maintainer. While I cannot guarantee that you will build indestructible magical fortresses with my tips, I can at least help you make sure that your work will live on with other people picking it up, and hopefully appreciating the stability that you worked towards. Focus areas of this talk: - perceived stability from a consumer point of view - maintainability of code - when and why to introduce backwards incompatible (BC) breaks - what to do when an unexpected BC break is found

3

It’s difficult to work on a project nowadays that does not support Docker. Surely, it is market standard and when we have more and more Dockerfiles it becomes hard to manage all dependencies and all possible environment setting. In this talk I’ll present how it is possible to use only one Dockerfile per project and continue creating safe, small and multi-environment images. Also, I’ll introduce the Multi-Stage technique and how we can use it together with docker-compose to maximize our development experience. Finally, we’ll end up with a better build time, clean images that contain just what’s really needed and control almost everything.

-

3

Like many PHP conferences, phpDay has a long tradition of using the platform joind.in to collect attendee feedback on the talks, used both by speakers to improve their respective presentations, as well as by the conference organizers to make decisions about tracks, talks, and speakers in the future. While joind.in isn’t exclusive to PHP conferences, it has its roots in that community, and so that is where its usage is most prevalent. Since its longtime maintainers recently announced their intention to step down and decommission the web server, making way for a new leadership team to step in and breathe new life into the project, now is a great time to take a meta look at joind.in and what it says about the PHP community. In addition to the web interface that you’re likely familiar with, joind.in has a public API that exposes virtually all the data it collects, including every single comment on every single talk at every single event in the system. In August 2018, during one of my company’s semiannual hack weeks, I partnered with our data scientist and one of our data analysts to analyze all of the comments and accompanying ratings revealed by the API. Come learn how we did it and, more importantly, what we learned as a result, and what lessons this might hold for us all as PHP community members.

2

Before composer we downloaded packages manually, one by one. Now we do it in composer update. That way you’ll update a dependency from Symfony 3.0 to Symfony 4.0. How do you fix BC breaks in your code? Manually, one change after another, file by file. In non-PHP world, lazy Google and Facebook folks automated such work with tools. What about PHP? With AST from nikic/php-parser this is now possible in PHP as well. I’ll show you how Rector can handle 80 % of boring upgrades for you. I can help with Symfony, Sylius, Twig, Nette, Doctrine and PHPUnit code.

-

PHP has been around for almost as long as the Web. 25 years! Join me for a fun look at the highlights (and lowlights) of this crazy trip. But I will also be trying to convince you to upgrade your PHP version. The performance alone should be enough, if not, I have a few other tricks up my sleeve to try to win you over. Performance optimization, static analysis, zero-cost profiling, dead code elimination and escape analysis are just some of the concepts that will be covered.